Re: reducing our reliance on MD5

From: Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>
To: Claudio Freire <klaussfreire(at)gmail(dot)com>
Cc: Peter Geoghegan <pg(at)heroku(dot)com>, Arthur Silva <arthurprs(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: reducing our reliance on MD5
Date: 2015-02-11 21:38:23
Message-ID: 54DBCBCF.9000600@vmware.com
Lists: pgsql-hackers

On 02/11/2015 11:30 PM, Claudio Freire wrote:
> On Wed, Feb 11, 2015 at 5:25 PM, Heikki Linnakangas
> <hlinnakangas(at)vmware(dot)com> wrote:
>> On 02/11/2015 06:35 AM, Claudio Freire wrote:
>>>
>>> Usually because handshakes use a random salt on both sides. Not sure
>>> about pg's though, but in general collision strength is required but
>>> not slowness, they're not bruteforceable.
>>
>> To be precise: collision resistance is usually not important for hashes used
>> in authentication handshakes. Not for our MD5 authentication method anyway;
>> otherwise we'd be screwed. What you need is resistance to pre-image attacks.
>
> AFAIK, if I find a colliding string to the MD5 stored in pg_authid, I
> can specify that to libpq and get authenticated.
>
> Am I missing something?

If you know the MD5 stored in pg_authid, you can use that directly to
authenticate. No need to find the original password, or another
colliding string, that hashes to the same MD5.

- Heikki
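
The handshake arithmetic behind this reply, as an added example that is not part of the original message or of PostgreSQL's code. It follows the md5 method as described in the PostgreSQL protocol documentation; the function names, user name, password and salt are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(password: str, username: str) -> str:
    """Value kept in pg_authid.rolpassword: 'md5' + md5(password || username)."""
    return "md5" + md5_hex((password + username).encode())


def response_from_password(password: str, username: str, salt: bytes) -> str:
    """What a client that knows the password sends back for the server's salt."""
    inner = md5_hex((password + username).encode())
    return "md5" + md5_hex(inner.encode() + salt)


def response_from_verifier(verifier: str, salt: bytes) -> str:
    """The same response, built from the stored value alone (no password)."""
    return "md5" + md5_hex(verifier[3:].encode() + salt)


def server_accepts(verifier: str, salt: bytes, response: str) -> bool:
    """Server side: recompute from pg_authid and the salt it issued, then compare."""
    expected = "md5" + md5_hex(verifier[3:].encode() + salt)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    user, password = "alice", "correct horse"      # constructed sample values
    salt = bytes.fromhex("a1b2c3d4")               # constructed 4-byte salt
    other_salt = bytes.fromhex("0badf00d")         # salt of a later session
    verifier = stored_verifier(password, user)
    legit = response_from_password(password, user, salt)
    return {
        # The stored value is a password equivalent: responses are identical.
        "same_response": legit == response_from_verifier(verifier, salt),
        "accepted": server_accepts(verifier, salt, legit),
        # The salt only stops replay of a captured response in another session.
        "replay_rejected": not server_accepts(verifier, other_salt, legit),
        "wrong_password_rejected": not server_accepts(
            verifier, salt, response_from_password("guess", user, salt)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the check depends only on the stored value and the salt, pg_authid contents and any dumps or backups that include them need the same protection as the passwords themselves.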
