Few small things:
- Mention pgcrypto.sql
- Mention asciidoc. To hint that occasional weird formatting
is not random.
- Clarify few senctences.
- Remove anything related to MySQL password(). It was
interesting to look at, but it should not be mentioned in
serious conversation. Also, they have replaced it in 4.1
with SHA1, so the crap implementation is best forgotten.
--
marko
Index: contrib/pgcrypto/README.pgcrypto
===================================================================
RCS file: /opt/arc/cvs2/pgsql/contrib/pgcrypto/README.pgcrypto,v
retrieving revision 1.13
diff -u -c -r1.13 README.pgcrypto
*** contrib/pgcrypto/README.pgcrypto 13 Aug 2005 02:06:20 -0000 1.13
--- contrib/pgcrypto/README.pgcrypto 1 Nov 2005 22:56:42 -0000
***************
*** 3,8 ****
--- 3,10 ----
=================================================
Marko Kreen <marko@l-t.ee>
+ // Note: this document is in asciidoc format.
+
1. Installation
-----------------
***************
*** 17,22 ****
--- 19,31 ----
for the module. They make sure the functions here produce correct
results.
+ Next, to get the function into particular database, run commands in
+ file pgcrypto.sql, which should be installed into shared files directory.
+
+ Example using psql:
+
+ psql -d DBNAME -f pgcrypto.sql
+
2. Notes
----------
***************
*** 248,254 ****
crypt-des 362837 7 days 19 years
sha1 590223 4 days 12 years
md5 2345086 1 day 3 years
- password 143781000 25 mins 18 days
------------------------------------------------------------
* The machine used is 1.5GHz Pentium 4.
--- 257,262 ----
***************
*** 256,263 ****
John the Ripper v1.6.38 `-test` output.
* MD5 numbers are from mdcrack 1.2.
* SHA1 numbers are from lcrack-20031130-beta.
- * MySQL password() numbers are from my own tests.
- (http://grue.l-t.ee/~marko/src/mypass/)
* `crypt-bf` numbers are taken using simple program that loops
over 1000 8-character passwords. That way I can show the speed with
different number of rounds. For reference: `john -test` shows 213
--- 264,269 ----
***************
*** 268,276 ****
Note that the "try all combinations" is not a realistic exercise.
Usually password cracking is done with the help of dictionaries, which
contain both regular words and various mutations of them. So, even
! somewhat word-like passwords will be cracked much faster than the above
numbers suggest, and a 6-character non-word like password may escape
! cracking. Or may not.
5. PGP encryption
--- 274,282 ----
Note that the "try all combinations" is not a realistic exercise.
Usually password cracking is done with the help of dictionaries, which
contain both regular words and various mutations of them. So, even
! somewhat word-like passwords could be cracked much faster than the above
numbers suggest, and a 6-character non-word like password may escape
! cracking. Or not.
5. PGP encryption
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
