| From: | Andrew Chernow <ac(at)esilo(dot)com> |
|---|---|
| To: | Jim Michaels <jmichae3(at)yahoo(dot)com> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #4876: author of MD5 says it's seriously broken - hash collision resistance problems |
| Date: | 2009-06-24 12:51:13 |
| Message-ID: | 4A422141.4020503@esilo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Jim Michaels wrote:
> The following bug has been logged online:
>
> Bug reference: 4876
> Logged by: Jim Michaels
> Email address: jmichae3(at)yahoo(dot)com
> PostgreSQL version: 8.3.7-1
> Operating system: windows XP Pro SP3
> Description: author of MD5 says it's seriously broken - hash
> collision resistance problems
> Details:
>
> If you are looking for hash collision protection, start looking at SHA-256
> or SHA-512.
>
I personally avoid using sha256 and sha512 because they have proven to be cpu
hogs, profilers show them sucking the life out of my applications ... adding
large amounts of latency. If you use these, make sure their use is rather
small; ie. not for lots of files or blobs.
If you realy need good collision detection, I would recommend combining two
algorithms into a single hash, like crc32+md5 or md5+sha1. The chances of a
collision on both algorithms on the same message becomes far more unlikely.
Also, they end up being more efficient than sha256 by itself.
--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bhushan Verma | 2009-06-24 13:22:11 | Re: psql: FATAL: the database system is in recovery mode |
| Previous Message | Magnus Hagander | 2009-06-24 12:45:54 | Re: GetTokenInformation() and FreeSid() at port/exec.c |