LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Ubuntu security update to postgresql-8.3, postgresql-8.4

Ubuntu security update to postgresql-8.3, postgresql-8.4

Posted Oct 13, 2011 23:02 UTC (Thu) by bjartur (guest, #67801)
Parent article: Ubuntu security update to postgresql-8.3, postgresql-8.4

This is a severe understatement. Passwords containing only an equal number characters outside of ASCII, and characters outside of ASCII only all produce equivelent hashes. This is quite rare for ISO 8859-1 encoded text, but I wonder if there are any UTF-8 passwords with no single-octet characters out there on eastern hosts. Hosts with users who use non-latin scripts are extremely vulnurable to birthday attacks.

Disclaimer: My personal httpd is a custom (read: unsecured) Python script I wrote when I was ~13yo running as root on an outdated version of Ubuntu Desktop. And I admit so publicly on the Internet. Question my sanity.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds