Greg Stark <[EMAIL PROTECTED]> writes:
> This means it's quite possible the NSA had differential cryptanalysis
> 30 years before anyone else.
s/quite possible/known fact/
> Quite a remarkable achievement. However
> it's unlikely that the same situation holds today.
Why would you think that? The

Tom Lane <[EMAIL PROTECTED]> writes:
> > it's unlikely that the same situation holds today.
>
> Why would you think that? The US government may not have too many
> clues, but they certainly understand the importance of crypto. I cannot
> think of any reason to suppose that NSA et al would have

Greg Stark wrote:
Gaetano Mendola <[EMAIL PROTECTED]> writes:
Well, when SHA-0 was ready, NSA suggested applying some changes in order to
correct some flaw that had been discovered, and SHA-1 came out; interestingly, NSA never wrote
which flaw was corrected!
Maybe SHA-1 is transparent water to NSA eyes :-)
This is

On Wed, Sep 08, 2004 at 00:33:39 -0400,
Tom Lane <[EMAIL PROTECTED]> wrote:
>
> I've been hearing rumblings that MD5 and all other known crypto
> protocols are known vulnerable since the latest crypto symposiums.
> (Not that we didn't all suspect the NSA et al could break 'em, but
> now they've

David Garamond <[EMAIL PROTECTED]> writes:
> Tom Lane wrote:
>> Also, MD5 hashing is fast enough that I'm not sure the above is really
>> significantly cheaper than a straight brute-force attack, ie, you just
>> take your list of possible passwords and compute the hashes on the fly.
>> The hashes a

Tom Lane wrote:
I think David is suggesting that the hypothetical attacker could gain
economies of scale in multiple attacks (ie, if he'd been able to steal
the contents of multiple installations' pg_shadow, he'd only need to
generate his long list of precalculated hashes once). I think this is
to

Richard Huxton <[EMAIL PROTECTED]> writes:
> David Garamond wrote:
>> Consider someone who creates a long list of:
>> MD5( "postgres" + "" )
>> MD5( "postgres" + "aaab" )
>> MD5( "postgres" + "aaac" )
> But surely you have to store the random salt in pg_shadow too? Or am I
> missi

David Garamond wrote:
Consider someone who creates a long list of:
MD5( "postgres" + "" )
MD5( "postgres" + "aaab" )
MD5( "postgres" + "aaac" )
...
Now if he has access to other people's pg_shadow, he can compare the
hashes with his dictionary. Replacing "postgres" with a rando
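As an added illustration of the point David Garamond and Richard Huxton are discussing (this is example code written for this page, not code from the thread or from PostgreSQL itself): a table precomputed for the role name "postgres" applies to every installation that uses that role name, whereas a random per-user salt, stored in the clear next to the hash as Richard notes it must be, ties a precomputed table to a single record. The candidate list, passwords and "installations" below are constructed; the `"md5" + hex(MD5(password || username))` layout is PostgreSQL's historical pg_shadow format, while `salted_hash` is a hypothetical alternative used only to show the contrast, not a format PostgreSQL implements.

```python
import hashlib
import os

# Constructed stand-in for the "long list" of candidate passwords.
CANDIDATES = ["", "aaab", "aaac", "hunter2", "letmein"]


def pg_md5_hash(password: str, username: str) -> str:
    """PostgreSQL's historical pg_shadow format: "md5" + hex(MD5(password || username)).

    The salt is the role name, so every installation whose superuser is
    "postgres" salts identically.
    """
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Hypothetical alternative (not a PostgreSQL format): MD5 over a random
    per-user salt; the salt is stored in the clear beside the hash."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def build_table(username: str) -> dict:
    """Precompute hash -> password for one role name, once."""
    return {pg_md5_hash(pw, username): pw for pw in CANDIDATES}


def lookup_many(table: dict, stored_hashes: list) -> list:
    """Match stored hashes against a table; None where the table has no entry."""
    return [table.get(h) for h in stored_hashes]


def demo_username_salt() -> list:
    """Two constructed installations, both with superuser "postgres": a single
    table built for that name resolves entries taken from either."""
    installation_a = pg_md5_hash("hunter2", "postgres")
    installation_b = pg_md5_hash("letmein", "postgres")
    table = build_table("postgres")          # built once, reused everywhere
    return lookup_many(table, [installation_a, installation_b])


def demo_random_salt() -> list:
    """Same two passwords, but each record carries its own random salt. A table
    built for the first record's salt says nothing about the second record."""
    records = []
    for pw in ["hunter2", "letmein"]:
        salt = os.urandom(8)                 # fresh per user, stored with the hash
        records.append((salt, salted_hash(pw, salt)))
    first_salt = records[0][0]
    table = {salted_hash(pw, first_salt): pw for pw in CANDIDATES}
    return [table.get(h) for _, h in records]


if __name__ == "__main__":
    print("username as salt :", demo_username_salt())   # ['hunter2', 'letmein']
    print("random salt      :", demo_random_salt())     # ['hunter2', None]
```

With the role name as salt, one table of `len(CANDIDATES)` hashes can be compared against any number of installations; with a random salt the whole candidate list has to be recomputed for every stored record, which is exactly the economy of scale Tom Lane refers to. (Current PostgreSQL releases offer SCRAM-SHA-256, which uses a per-user random salt and an iterated hash.)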

Tom Lane wrote:
I read that the password hash in pg_shadow is salted with username. Is
this still the case? If so, since probably 99% of all PostgreSQL installations have
"postgres" as the superuser name, wouldn't it be better to use standard
Unix/Apache MD5 hash instead?
How does that improve anything? If we