Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems

From Magnus Hagander
Subject Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems
Date
Msg-id 4A41EAED.6040303@hagander.net
In reply to BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems  ("Jim Michaels" <jmichae3@yahoo.com>)
Replies Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems  ("Meredith L. Patterson" <mlp@osogato.com>)
List pgsql-bugs
Jim Michaels wrote:
> The following bug has been logged online:
>
> Bug reference:      4876
> Logged by:          Jim Michaels
> Email address:      jmichae3@yahoo.com
> PostgreSQL version: 8.3.7-1
> Operating system:   windows XP Pro SP3
> Description:        author of MD5 says it's seriously broken - hash
> collision resistance problems
> Details:
>
> If you are looking for hash collision protection, start looking at SHA-256
> or SHA-512.
>
> "In any case, you may not want to be using md5 (at least for
> applications requiring collision-resistance), as it is
> seriously broken.  Use SHA-256 instead." - Ronald Rivest (author of MD5)

We are talking about two different uses here, I think.

Using MD5 for passwords doesn't, afaik, actually require
collision resistance. It requires resistance against preimage attacks,
of which there are none for MD5. At least not yet.

The other use is for hashes in the application, for users of pgcrypto.
pgcrypto already provides SHA-256 and SHA-512 for this use.


> I was using MD5 in my zapdupes program and was told by the author of MD5,
> and switched to SHA-512, because of the size of the files I was dealing
> with.  since you have BLOBs, I suggest you do the same.

There is no hashing of the BLOBs unless you build that into your
application, in which case it's your responsibility to use a secure
algorithm. PostgreSQL just stores it.


> this has implications for storing passwords as MD5 hashes.  My

That would be the only system use of MD5. What implications are those?

We might want to consider using a safer hash for the password storage at
some point, but from what I gather it's not really urgent for *that* use.

What would be more urgent is to provide a secure hashing *function* to
end users that doesn't rely on pgcrypto. But there is a solution for
this available today for those who need it - install pgcrypto.


> I have implemented SHA-512 as GPL'd code that you may use at

PostgreSQL is a BSD project and we have no use for GPL code. We also
already have implementations of SHA256 and SHA512 that are BSD licensed
in our codebase.


> one possibility is that you could make the MD5 function actually return a
> SHA-512 hash.

That seems like a horrible idea.


--
 Magnus Hagander
 Self: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
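An added example (not part of this thread or of PostgreSQL's own code) that illustrates the two uses Magnus separates: the md5-format role password that the server recomputes and compares at login (a preimage check, not a collision check), and the pgcrypto-style digest an application would use for its own data. The rolpassword layout follows PostgreSQL's documented md5 format; the sample pg_authid rows are constructed.

```python
import hashlib
import hmac

def pg_md5_role_password(password: str, rolname: str) -> str:
    """Build a pg_authid.rolpassword entry in PostgreSQL's md5 format:
    the literal prefix 'md5' followed by hex(md5(password || rolname)).
    The role name is the only salt, so two roles with the same password
    get different stored values, but the salt is predictable."""
    digest = hashlib.md5((password + rolname).encode("utf-8")).hexdigest()
    return "md5" + digest

def verify_role_password(stored: str, candidate: str, rolname: str) -> bool:
    """Server-side check at login: recompute from the offered password and
    compare with the stored value. Someone holding `stored` needs a preimage
    of that one fixed digest; being able to craft two inputs that collide
    with each other does not help against this check."""
    if not stored.startswith("md5"):
        return False
    expected = pg_md5_role_password(candidate, rolname)
    return hmac.compare_digest(stored, expected)

def classify_rolpassword(stored):
    """Label a rolpassword value: 'none' (no password), 'md5' (hashed as
    above) or 'plaintext' (8.x still allowed UNENCRYPTED PASSWORD)."""
    if stored is None:
        return "none"
    if stored.startswith("md5") and len(stored) == 35:
        return "md5"
    return "plaintext"

def audit_roles(rows):
    """Return {rolname: label} for rows shaped like pg_authid
    (rolname, rolpassword), so a DBA can spot unhashed entries."""
    return {name: classify_rolpassword(pw) for name, pw in rows}

def pgcrypto_digest_hex(data: bytes, algo: str) -> str:
    """Python equivalent of pgcrypto's encode(digest(data, algo), 'hex'),
    the application-level hash for which pgcrypto offers sha256/sha512."""
    return hashlib.new(algo, data).hexdigest()

# Constructed sample rows (not real data): one md5 entry, one plaintext
# entry, one role without a password.
SAMPLE_PG_AUTHID = [
    ("alice", pg_md5_role_password("correct horse", "alice")),
    ("legacy_app", "correct horse"),
    ("readonly", None),
]

if __name__ == "__main__":
    print(audit_roles(SAMPLE_PG_AUTHID))
    print(verify_role_password(SAMPLE_PG_AUTHID[0][1], "correct horse", "alice"))
    print(pgcrypto_digest_hex(b"abc", "sha256"))
```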
