On Wed, Apr 20, 2005 at 05:03:18PM -0400, Tom Lane wrote: > > This would allow for the pregeneration of the entire md5 > > keyspace using that 'salt' and then quick breakage of the hash once > > it's retrieved by the attacker. > > Considering the size of the possible keyspace, this is pretty silly. Actually, it's not as silly as you think. You can download rainbow tables for Windows/LanMan passwords up to 14 or 15 characters in length. Given the password hash and some code, you can determine the user's password in a matter of minutes. Simply put, MD5 is no longer strong enough for protecting secrets. It's just too easy to brute-force. SHA1 is ok for now, but it's days are numbered as well. I think it would be good to alter SHA1 (or something stronger) as an alternative to MD5, and I see no reason not to use a random salt instead of username. -- Jim C. Nasby, Database Consultant decibel@xxxxxxxxxxx Give your computer some brain candy! www.distributed.net Team #1828 Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?"
