Quick Links

Re: reducing our reliance on MD5

From:	Claudio Freire <klaussfreire(at)gmail(dot)com>
To:	Peter Geoghegan <pg(at)heroku(dot)com>
Cc:	Arthur Silva <arthurprs(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: reducing our reliance on MD5
Date:	2015-02-11 04:35:00
Message-ID:	CAGTBQpbWvMy_eOhQMhZy6FKhBqLDZKw+rq3A_ePnk9tK4nAYQg@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Tue, Feb 10, 2015 at 10:19 PM, Peter Geoghegan <pg(at)heroku(dot)com> wrote:
> On Tue, Feb 10, 2015 at 5:14 PM, Arthur Silva <arthurprs(at)gmail(dot)com> wrote:
>> I don't think the "password storing best practices" apply to db connection
>> authentication.
>
> Why not?

Usually because handshakes use a random salt on both sides. Not sure
about pg's though, but in general collision strength is required but
not slowness, they're not bruteforceable.

In response to

Re: reducing our reliance on MD5 at 2015-02-11 01:19:27 from Peter Geoghegan

Responses

Re: reducing our reliance on MD5 at 2015-02-11 20:25:53 from Heikki Linnakangas

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Jim Nasby	2015-02-11 05:58:07	Re: Manipulating complex types as non-contiguous structures in-memory
Previous Message	Peter Eisentraut	2015-02-11 04:07:31	Re: GRANT USAGE on FOREIGN SERVER exposes passwords