Search Postgresql Archives

Re: Encrypted column

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/5/07, Marko Kreen <markokr@xxxxxxxxx> wrote:
On 6/5/07, Marko Kreen <markokr@xxxxxxxxx> wrote:
> both md5 and sha1 are actually easier to bruteforce than
> the old DES-based crypt.

If this statement seems weird - the problem is the speed.
MD5 and SHA1 are just faster algorithms than des-crypt.

And there's nothing wrong with fast general-purpose algorithms,
as long their cryptographic properties hold.  Starting from
20-30 bytes the bruteforce is really not an option.

But if you have under 10 bytes (let be honest - you have
6 bytes...) the speed start to matter, because it is possible
on random laptop to simply try all combinations.

--
marko


pgcrypto also supports md5, so I'm not sure what you're referring to
here.  As I already mentioned, *salting* before you hash is a very
important step.  I'm not sure if you saw that in my post.  Without a
salt, it's trivial to generate a list of all combinations of md5'd
strings and their results, up to reasonable lengths.  Then it would be
very simple to look up each hash and get the original text.  With a
salt, you need to generate all possible md5s for all possible salts --
a much harder task.

In any case, pgcrypto seems to be a nice and full featured tool, so
one should use that instead of rolling their own.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux