On 02/11/2015 06:35 AM, Claudio Freire wrote:
Usually because handshakes use a random salt on both sides. Not sure
about pg's though, but in general collision strength is required but
not slowness, they're not bruteforceable.

To be precise: collision resistance is usually not important for hashes used in authentication handshakes. Not for our MD5 authentication method anyway; otherwise we'd be screwed. What you need is resistance to pre-image attacks.

See https://en.wikipedia.org/wiki/Cryptographic_hash_function#Properties

- Heikki



--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to