On Thu, Jun 9, 2011 at 5:46 AM, Craig Ringer <craig@xxxxxxxxxxxxxxxxxxxxx> wrote: > On 09/06/11 03:07, Isak Hansen wrote: > >> While MD5 is considered broken for certain applications, it's still >> perfectly valid for auth purposes. > > MD5 rainbow tables can be calculated quickly using services easily > available to anyone (eg: EC2) and rainbow tables for passwords up to 8 > chars have been successfully used in demo and real attacks several times > in the last year. It's looking pretty shakey. I'd think rainbow tables pose a similar threat to short passwords no matter which algorithm is used. > That said, _properly_ _salted_ md5 is still likely to be strong enough > for most people's likely attack scenarios for quite some time to come. > It's only unsalted md5 that's dangerously stupid to use now - and it was > never exactly a good idea. Indeed, algorithm selection is just one small piece of getting crypto right. Note that I'm not recommending MD5 for anything new; the hash is certainly flawed and could contain more vulnerabilities. I'm just speaking up against advice to stay away from md5 auth in postgres, which AFAIK is just ignorant parroting. Isak -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general