| From: | Gaetano Mendola <mendola(at)bigfoot(dot)com> |
|---|---|
| To: | Bruno Wolff III <bruno(at)wolff(dot)to> |
| Subject: | Re: Salt in encrypted password in pg_shadow |
| Date: | 2004-09-08 20:51:00 |
| Message-ID: | 413F70B4.5090401@bigfoot.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Bruno Wolff III wrote:
> On Wed, Sep 08, 2004 at 00:33:39 -0400,
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
>>I've been hearing rumblings that MD5 and all other known crypto
>>protocols are known vulnerable since the latest crypto symposiums.
>>(Not that we didn't all suspect the NSA et al could break 'em, but
>>now they've told us exactly how they do it.)
>
>
> Things aren't currently that bad. So far people have found a way to find
> two strings that give the same hash using MD5. They haven't yet found a way
> to find a string which hashes to a given hash. SHA-0 was also shown to
> have some weakness. From comments I have read, I don't think SHA-1 was
> shown to have any weaknesses. One comment specifically mentioned that
> the change made between SHA-0 and SHA-1 seems to have been made to address
> the weakness found in SHA-0. I haven't read the source papers, so take this
> all with a grain of salt.
Well, when SHA-0 was ready NSA suggested to apply some changes in order to
correct some flaw discovered and SHA-1 comes out, interesting NSA never wrote
which flaw was corrected!
May be SHA-1 is trasparent water to NSA eyes :-)
I'm sure this entire thread will be stored somewhere else then archives...
Regards
Gaetano Mendola
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2004-09-08 20:59:56 | Re: Returning multiple values (but one row) in plpgsql |
| Previous Message | Joe Conway | 2004-09-08 20:46:36 | Re: Returning multiple values (but one row) in plpgsql |