> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Just a reminder. What I think it insecure is the size of our salt.
> > With only 3300 possible salts, it doesn't take long to playback a
> > duplicate. That is true of MD5 and crypt.
>
> But aren't we increasing the size of the salt keyspace for MD5?
> It'd surely be a major oversight not to.
We aren't. I can do that, but have not discussed it yet. If we do it
is clearly a protocol change. How will old clients handle longer salt,
and how do I know if they are older if I don't bump up the protocol
version number?
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026