Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
- To: Tom Lane <tgl@xxxxxxxxxxxxx>, "Jim C. Nasby" <decibel@xxxxxxxxxxx>, pgsql-hackers@xxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
- From: Bruno Wolff III <bruno@xxxxxxxx>
- Date: Thu, 21 Apr 2005 17:27:16 -0500
- In-reply-to: <20050421022701.GU29028@xxxxxxxxxxxxxx>
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mail-followup-to: Tom Lane <tgl@xxxxxxxxxxxxx>, "Jim C. Nasby" <decibel@xxxxxxxxxxx>, pgsql-hackers@xxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
- References: <20050420165055.GQ29028@xxxxxxxxxxxxxx> <4659.1114030998@xxxxxxxxxxxxx> <20050420212323.GT58835@xxxxxxxxxxx> <6070.1114034598@xxxxxxxxxxxxx> <20050421022701.GU29028@xxxxxxxxxxxxxx>
- User-agent: Mutt/1.5.6i
On Wed, Apr 20, 2005 at 22:27:01 -0400,
Stephen Frost <sfrost@xxxxxxxxxxx> wrote:
>
> SHA2 would also be nice.
I think the new hash functions are called SHA256 and SHA512.
For Postgres' purposes the recent weaknesses found in SHA1 and MD5
aren't a big deal.
- References:
- Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
- Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords