On Thu, Apr 03, 2008 at 07:07:56PM +0200, Svenne Krap wrote:
> I currently save only md5(id || username || 'password')* into password,
> if I had access to sha1 (for example) I would add another password
> column so, having for example
>
> ID serial
> Username varchar
> Password_md5 varchar
> Password_sha1 varchar
>
> No matter how you see it, I get more bits of hash to check against.

Are you a cryptanalyst and are you sure that this doesn't actually make
things worse? I'm sure it gives you a warm fuzzy feeling that it's *got*
to be better, but unless someone has done some hard maths I'm not sure
how you can be so sure. Why not just use SHA-512? You get many more
quality bits that way.

> I would drop md5 totally and use sha1 and ripemd-160 if possible.. but
> currently I use only md5 as it is the only available one.. Loading
> pgcrypto is overkill for something as simple as hash-functions.

Sounds like a good reason for moving the current md5 function out into
pgcrypto as well! :)

> * I prepend the id and the username to guard users with weak passwords
> against known hashvalues (rainbow tables) should the box ever get
> compromised ...

I take it your threat model doesn't include the attacker logging
incoming queries to look for the clear-text password.

  Sam
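
Added example, not part of the original message or of PostgreSQL: a Python sketch that puts the quoted md5(id || username || password) scheme and the proposed second SHA-1 column beside a random salt with an iterated hash (PBKDF2-HMAC-SHA512). The function names, the iteration count, the sample users and the decimal rendering of the id are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune for your hardware


def legacy_columns(user_id: int, username: str, password: str) -> dict:
    """md5(id || username || password) from the quoted message, plus the
    proposed SHA-1 column. Assumes the id is concatenated as decimal text."""
    data = f"{user_id}{username}{password}".encode()
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def legacy_check(row: dict, user_id: int, username: str, candidate: str,
                 column: str = "md5") -> bool:
    """Check a candidate against ONE stored column. A match on either column
    already identifies the password, so the cost of a check stays at one
    fast hash no matter how many digest columns the table carries."""
    digest = legacy_columns(user_id, username, candidate)[column]
    return hmac.compare_digest(digest, row[column])


def kdf_store(password: str) -> dict:
    """Random per-user salt plus an iterated hash (PBKDF2-HMAC-SHA512)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": dk}


def kdf_check(row: dict, candidate: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha512", candidate.encode(),
                             row["salt"], row["iterations"])
    return hmac.compare_digest(dk, row["hash"])


if __name__ == "__main__":
    # Constructed sample users sharing one weak password.
    a = legacy_columns(1, "alice", "secret")
    b = legacy_columns(2, "bob", "secret")
    print("per-user prefix separates equal passwords:", a["md5"] != b["md5"])
    print("md5 column alone confirms:", legacy_check(a, 1, "alice", "secret"))
    row = kdf_store("secret")
    print("kdf verifies:", kdf_check(row, "secret"), kdf_check(row, "wrong"))
```

Because the hashing here runs in the application, the clear-text password never appears in a query sent to the database.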