Greg Stark wrote:
Gaetano Mendola [EMAIL PROTECTED] writes:
Well, when SHA-0 was ready NSA suggested to apply some changes in order to
correct some flaw discovered and SHA-1 comes out, interesting NSA never wrote
which flaw was corrected!
Maybe SHA-1 is transparent water to NSA eyes :-)
This is
Tom Lane [EMAIL PROTECTED] writes:
it's unlikely that the same situation holds today.
Why would you think that? The US government may not have too many
clues, but they certainly understand the importance of crypto. I cannot
think of any reason to suppose that NSA et al would have stopped
Greg Stark [EMAIL PROTECTED] writes:
This means it's quite possible the NSA had differential cryptanalysis
30 years before anyone else.
s/quite possible/known fact/
Quite a remarkable achievement. However
it's unlikely that the same situation holds today.
Why would you think that? The US
On Wed, Sep 08, 2004 at 00:33:39 -0400,
Tom Lane [EMAIL PROTECTED] wrote:
I've been hearing rumblings that MD5 and all other known crypto
protocols are known vulnerable since the latest crypto symposiums.
(Not that we didn't all suspect the NSA et al could break 'em, but
now they've told
Tom Lane wrote:
I read that the password hash in pg_shadow is salted with username. Is
this still the case? If so, since probably 99% of all PostgreSQL has
postgres as the superuser name, wouldn't it be better to use standard
Unix/Apache MD5 hash instead?
How does that improve anything? If we
David Garamond wrote:
Consider someone who creates a long list of:
MD5( postgres + )
MD5( postgres + aaab )
MD5( postgres + aaac )
...
Now if he has access to other people's pg_shadow, he can compare the
hashes with his dictionary. Replacing postgres with a random salt
Richard Huxton [EMAIL PROTECTED] writes:
David Garamond wrote:
Consider someone who creates a long list of:
MD5( postgres + )
MD5( postgres + aaab )
MD5( postgres + aaac )
But surely you have to store the random salt in pg_shadow too? Or am I
missing something?
I think
Tom Lane wrote:
I think David is suggesting that the hypothetical attacker could gain
economies of scale in multiple attacks (ie, if he'd been able to steal
the contents of multiple installations' pg_shadow, he'd only need to
generate his long list of precalculated hashes once). I think this is
David Garamond [EMAIL PROTECTED] writes:
Tom Lane wrote:
Also, MD5 hashing is fast enough that I'm not sure the above is really
significantly cheaper than a straight brute-force attack, ie, you just
take your list of possible passwords and compute the hashes on the fly.
The hashes are going
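A worked version of the argument in the last few posts (David Garamond's precomputed list keyed on the shared superuser name, Richard Huxton's point that a random salt would have to be stored next to the hash, and Tom Lane's comparison with hashing candidates on the fly). This is an added example, not code from the thread or from PostgreSQL itself. It assumes the pg_shadow format being discussed, the string "md5" followed by hex(md5(password || username)); the candidate list, the stolen rows and the "random" salts are constructed for the demonstration.

```python
import hashlib
from collections import defaultdict


def salted_md5(password: str, salt: str) -> str:
    """Salted MD5 in pg_shadow's stored form: 'md5' + hex(md5(password || salt))."""
    return "md5" + hashlib.md5((password + salt).encode("utf-8")).hexdigest()


def pg_md5_hash(password: str, username: str) -> str:
    """The scheme the thread describes: the role name is the salt."""
    return salted_md5(password, username)


def precompute_attack(candidates, dumps):
    """David Garamond's attack: one hash->password table per distinct salt,
    then a dictionary lookup per stolen row.

    dumps: iterable of (site, salt, stored_hash).
    Returns (cracked: {site: password}, md5_calls) so the cost can be compared.
    """
    by_salt = defaultdict(list)
    for site, salt, stored in dumps:
        by_salt[salt].append((site, stored))
    cracked, md5_calls = {}, 0
    for salt, rows in by_salt.items():
        # The table is built once per salt and reused for every row sharing it.
        table = {salted_md5(p, salt): p for p in candidates}
        md5_calls += len(candidates)
        for site, stored in rows:
            if stored in table:
                cracked[site] = table[stored]
    return cracked, md5_calls


def brute_force(candidates, dumps):
    """Tom Lane's comparison: no table, hash each candidate against each row."""
    cracked, md5_calls = {}, 0
    for site, salt, stored in dumps:
        for p in candidates:
            md5_calls += 1
            if salted_md5(p, salt) == stored:
                cracked[site] = p
                break
    return cracked, md5_calls


# Constructed candidate list (the "aaaa, aaab, aaac, ..." idea plus a few common words).
CANDIDATES = ["aaaa", "aaab", "aaac", "hunter2", "letmein", "postgres"]

# Constructed: three stolen pg_shadow rows from three installations that all use
# the default superuser name "postgres", so they all share the same salt.
SHARED_SALT_DUMPS = [
    ("site1", "postgres", pg_md5_hash("hunter2", "postgres")),
    ("site2", "postgres", pg_md5_hash("letmein", "postgres")),
    ("site3", "postgres", pg_md5_hash("correct horse", "postgres")),  # not in the list
]

# Constructed: the same passwords under a hypothetical per-row random salt.
# As Richard Huxton notes, the salt has to be stored alongside the hash, so the
# attacker who steals the row gets the salt too; it only denies him reuse.
RANDOM_SALT_DUMPS = [
    ("site1", "3f9a1c", salted_md5("hunter2", "3f9a1c")),
    ("site2", "b7e204", salted_md5("letmein", "b7e204")),
    ("site3", "51d0ee", salted_md5("correct horse", "51d0ee")),
]


if __name__ == "__main__":
    for label, dumps in (("shared salt", SHARED_SALT_DUMPS), ("random salt", RANDOM_SALT_DUMPS)):
        print(label, "precomputed:", precompute_attack(CANDIDATES, dumps))
        print(label, "brute force:", brute_force(CANDIDATES, dumps))
```

The MD5 call counts are the point: with "postgres" as the salt everywhere, the table costs one MD5 per candidate and is then free to reuse against every stolen pg_shadow, whereas per-row random salts force a fresh table per row, which is no cheaper than hashing on the fly. What the table does not change is the per-salt cost itself, which is why a fast hash like MD5 makes the saving a constant factor rather than a qualitative one.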