Jim Michaels wrote:
> The following bug has been logged online:
>
> Bug reference:      4876
> Logged by:          Jim Michaels
> Email address:      jmich...@yahoo.com
> PostgreSQL version: 8.3.7-1
> Operating system:   windows XP Pro SP3
> Description:        author of MD5 says it's seriously broken - hash
> collision resistance problems
> Details:
>
> If you are looking for hash collision protection, start looking at SHA-256
> or SHA-512.
>
> "In any case, you may not want to be using md5 (at least for
> applications requiring collision-resistance), as it is
> seriously broken. Use SHA-256 instead." - Ronald Rivest (author of MD5)
We are talking about two different uses here, I think.

Using MD5 for passwords doesn't, afaik, actually require collision-resistance. It requires resistance against preimage attacks, of which there are none for MD5. At least not yet.

The other use is for hashes in the application, for users of pgcrypto. pgcrypto already provides SHA-256 and SHA-512 for this use.

> I was using MD5 in my zapdupes program and was told by the author of MD5,
> and switched to SHA-512, because of the size of the files I was dealing
> with. Since you have BLOBs, I suggest you do the same.

There is no hashing of the BLOBs unless you build that into your application, in which case it's your responsibility to use a secure algorithm. PostgreSQL just stores it.

> this has implications for storing passwords as MD5 hashes. My

That would be the only system use of MD5. What implications are those?

We might want to consider using a safer hash for the password storage at some point, but from what I gather it's not really urgent for *that* use. What would be more urgent is to provide a secure hashing *function* to end users that doesn't rely on pgcrypto. But there is a solution for this available today for those who need it - install pgcrypto.

> I have implemented SHA-512 as GPL'd code that you may use at

PostgreSQL is a BSD project and we have no use for GPL code. We also already have implementations of SHA256 and SHA512 that are BSD licensed in our codebase.

> one possibility is that you could make the MD5 function actually return a
> SHA-512 hash.

That seems like a horrible idea.

--
 Magnus Hagander
 Self: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
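The two uses the reply separates (the server's own md5 storage of role passwords, and pgcrypto's digest() for application data), as an added Python example that is not part of this thread or of PostgreSQL's code; the function names are mine, and the stored format assumed is the documented one for md5 authentication: the literal prefix "md5" followed by the hex MD5 of the password concatenated with the role name.

```python
import hashlib
import hmac

# Added example, not from the thread. Assumed stored form (as PostgreSQL
# documents for md5 auth in pg_authid.rolpassword):
#   "md5" + hex(MD5(password || rolename))
def pg_md5_role_password(password: str, rolename: str) -> str:
    """Return the rolpassword string the server stores for md5 auth."""
    raw = (password + rolename).encode("utf-8")
    return "md5" + hashlib.md5(raw).hexdigest()


def pg_md5_verify(stored: str, password: str, rolename: str) -> bool:
    """Check a candidate password against a stored md5-form rolpassword.

    The role name is the only salt: the same role/password pair always
    hashes to the same value. Someone holding `stored` must find a
    preimage (a password that hashes to it); a collision pair (two inputs
    with one hash) does not help them, which is the distinction the
    reply above draws.
    """
    candidate = pg_md5_role_password(password, rolename)
    # constant-time compare so the check does not leak matching prefix length
    return hmac.compare_digest(stored, candidate)


def pgcrypto_digest(data: bytes, algorithm: str) -> bytes:
    """Local stand-in for pgcrypto's digest(data, type) for the algorithms
    the thread discusses (assumed equivalence: raw digest bytes, as
    hashlib's .digest() returns)."""
    if algorithm not in ("md5", "sha256", "sha512"):
        raise ValueError("algorithm not covered here: " + algorithm)
    return hashlib.new(algorithm, data).digest()


if __name__ == "__main__":
    # constructed sample credentials
    stored = pg_md5_role_password("correct horse", "app_user")
    print(stored)
    print(pg_md5_verify(stored, "correct horse", "app_user"))    # True
    print(pg_md5_verify(stored, "correct horse", "other_user"))  # False
    # the BLOB hashing the reporter asks about happens in the application,
    # where sha256/sha512 are available instead of md5
    print(pgcrypto_digest(b"constructed blob contents", "sha512").hex())
```

Note that because password and role name are concatenated with no separator, pg_md5_role_password("ab", "c") and pg_md5_role_password("a", "bc") hash the same input; the role-name salt only distinguishes roles when the boundary differs in content.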