[Firebird-devel] [FB-Tracker] Created: (CORE-4886) Create Database on Windows XP

2015-07-26 Thread Kobus (JIRA)
Create Database on Windows XP - Key: CORE-4886 URL: http://tracker.firebirdsql.org/browse/CORE-4886 Project: Firebird Core Issue Type: Bug Components: ISQL Affects Versions: 3.0 Beta 2 Envir

[Firebird-devel] Insecure hashing and encryption in Firebird 3

2015-07-26 Thread Mark Rotteveel
I have brought this up before, and it might be a bit annoying that I do so again, but I remain concerned by the fact that we are about to ship a product (Firebird 3) that uses hashing and encryption algorithms (SHA-1 and RC4) that most in the industry consider outdated and (relatively) insecure

Re: [Firebird-devel] Preventing error code "collision"

2015-07-26 Thread Mark Rotteveel
On 25-7-2015 15:08, Vlad Khorsun wrote: > 25.07.2015 15:45, Mark Rotteveel wrote: > > >> How would I go about that if none of the errors in that facility are >> defined inside Firebird, > > We could define and reserve facility code for Jaybird and let you know it. That would be great. >> an

Re: [Firebird-devel] Insecure hashing and encryption in Firebird 3

2015-07-26 Thread James Starkey
Get real. Read about the actual problems. Bthe issue is that there is a theoretical problem that a manufactured duplicate collision could be manufactored in something like time 2^82, something that nobody has actually be able to do. Sure, SHA-1 has a known weakeness. It's replacement probably ha

Re: [Firebird-devel] Insecure hashing and encryption in Firebird 3

2015-07-26 Thread Alex Peshkoff
On 07/26/2015 01:39 PM, James Starkey wrote: > Get real. Read about the actual problems. Bthe issue is that there is a > theoretical problem that a manufactured duplicate collision could be > manufactored in something like time 2^82, something that nobody has > actually be able to do. > > Sure, SH

Re: [Firebird-devel] Insecure hashing and encryption in Firebird 3

2015-07-26 Thread Ivan Arabadzhiev
Personally, I've recently started using (mostly for kicks) things like https://en.wikipedia.org/wiki/Scrypt https://en.wikipedia.org/wiki/Bcrypt https://en.wikipedia.org/wiki/PBKDF2 I suppose the option to tune them in the future (or even introduce a configurable parameter) is also a plus. 2015-07

Re: [Firebird-devel] Insecure hashing and encryption in Firebird 3

2015-07-26 Thread Jim Starkey
On 7/26/2015 2:38 PM, Alex Peshkoff wrote: > On 07/26/2015 01:39 PM, James Starkey wrote: >> If you were starting over from scratch, you wouldn't want to use SHA-1 to >> avoid wasting time with discussions like this. See also RC4. But the >> problem with SHA-1 doesn't justify the inconvenience of

Re: [Firebird-devel] Preventing error code "collision"

2015-07-26 Thread Vlad Khorsun
26.07.2015 12:08, Mark Rotteveel wrote: > On 25-7-2015 15:08, Vlad Khorsun wrote: >> 25.07.2015 15:45, Mark Rotteveel wrote: >>> >>> How would I go about that if none of the errors in that facility are >>> defined inside Firebird, >> >> We could define and reserve facility code for Jaybird

Re: [Firebird-devel] Preventing error code "collision"

2015-07-26 Thread Ann Harrison
On Sun, Jul 26, 2015 at 5:15 PM, Vlad Khorsun wrote: > > > > > Or is there a reason to ignore those higher bits for the facility and > code? > >I have no idea why ENCODE_ISC_MSG written in this way. > > > CLASS_MASK seems to not be used anywhere, or at least I can't remember > > ever having s

Re: [Firebird-devel] Insecure hashing and encryption in Firebird 3

2015-07-26 Thread Jiří Činčura
> Personally, I've recently started using (mostly for kicks) things like > https://en.wikipedia.org/wiki/Scrypt > https://en.wikipedia.org/wiki/Bcrypt > https://en.wikipedia.org/wiki/PBKDF2 > I suppose the option to tune them in the future (or even introduce a > configurable > parameter) is also