Comments
Bastian · 28 November 2015
Hi
There are several problems with these slides:
17: No authentication shown, as this is done by the system, not postgresql. So there are no credentials.
30: The complexity of a PAN is similar to a password. If you ever use any standard hash on it you are toast. If you got four digits ready, the remaining complexity is 10^12 or somewhere near 2^43, which is clearly doable in gpu-land.
Xof · 28 November 2015
17. You are missing the point. Default passwords are not acceptable under PCI, including the postgres account using trust or peer authentication.
30. Hashing with a strong cryptographic hash is permitted under PCI.