| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: reducing our reliance on MD5 |
| Date: | 2015-02-11 17:02:48 |
| Message-ID: | 20150211170248.GA28568@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Feb 10, 2015 at 09:30:37PM -0500, Tom Lane wrote:
> I think it would be wise to take two steps back and think about what
> the threat model is here, and what we actually need to improve.
> Offhand I can remember two distinct things we might wish to have more
> protection against:
>
> * scraping of passwords off the wire protocol (but is that still
> a threat in an SSL world?). Better salting practice would do more
> than replacing the algorithm as such for this, IMO.
Agreed. In 2004 Greg Stark estimated that it would take only 64k
connection attempts to get a server-supplied reply of a salt already
seen that can be replayed:
If you have a few salts the number goes down further. I think the
32-bit salt length is the greatest risk to our existing MD5
implementation. While leaving MD5 has a theoretical benefit, using a
64-bit salt has a practical benefit.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-02-11 17:16:25 | Re: reducing our reliance on MD5 |
| Previous Message | Stephen Frost | 2015-02-11 16:55:18 | Re: GSoC 2015 - mentors, students and admins. |