Use of MD5

From: Jeffrey Walton <noloader(at)gmail(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: Use of MD5
Date: 2013-11-13 08:40:01
Message-ID: CAH8yC8ksq5zjU7O7e5kCN0JVmeP+PgeUpY-OutjaJ1Gd5ec5yw@mail.gmail.com
Lists: pgsql-bugs

Might as well get this one out of the way....

There's a lot of use of MD5 with mini-salts of 4 bytes. It's one thing
if using MD5 as a PRF, but it's another when using it for its security
properties (or lack thereof). See, for example, crypt.c, user.c, and
passwordcheck.c.

varlena.c appears to claim MD5_HASH_LEN is 32 bytes rather than 16
(perhaps it's wishful thinking?).

There does not appear to be a widely used alternative available.
