[38481] in bugtraq
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
daemon@ATHENA.MIT.EDU (Jim C. Nasby)
Wed Apr 20 18:07:05 2005
Date: Wed, 20 Apr 2005 16:23:23 -0500
From: "Jim C. Nasby" <decibel@decibel.org>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Stephen Frost <sfrost@snowman.net>, pgsql-hackers@postgresql.org,
bugtraq@securityfocus.com
Message-ID: <20050420212323.GT58835@decibel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4659.1114030998@sss.pgh.pa.us>
On Wed, Apr 20, 2005 at 05:03:18PM -0400, Tom Lane wrote:
> > This would allow for the pregeneration of the entire md5
> > keyspace using that 'salt' and then quick breakage of the hash once
> > it's retrieved by the attacker.
>
> Considering the size of the possible keyspace, this is pretty silly.
Actually, it's not as silly as you think. You can download rainbow
tables for Windows/LanMan passwords up to 14 or 15 characters in length.
Given the password hash and some code, you can determine the user's
password in a matter of minutes.
Simply put, MD5 is no longer strong enough for protecting secrets. It's
just too easy to brute-force. SHA1 is ok for now, but it's days are
numbered as well. I think it would be good to alter SHA1 (or something
stronger) as an alternative to MD5, and I see no reason not to use a
random salt instead of username.
--
Jim C. Nasby, Database Consultant decibel@decibel.org
Give your computer some brain candy! www.distributed.net Team #1828
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
