On Wed, Oct 10, 2012 at 11:41 AM, Heikki Linnakangas <hlinnakan...@vmware.com> wrote:
> 1. Salt length. Greg Stark calculated the odds of salt collisions here:
> http://archives.postgresql.org/pgsql-hackers/2004-08/msg01540.php. It's not
> too bad as it is, and as Greg pointed out, if you can eavesdrop it's likely
> you can also hijack an already established connection. Nevertheless I think
> we should make the salt longer, say, 16 bytes.

FWIW, that calculation was based on the rule of thumb that a collision is likely when you have sqrt(hash space) elements. Wikipedia has a better formula which comes up with 77,163. For 16 bytes that formula gives 2,171,938,135,516,356,249 salts before you expect a collision.

--
greg