Re: Modern SHA2- based password hashes for pgcrypto
Alvaro Herrera <alvherre@alvh.no-ip.org>
From: Alvaro Herrera <alvherre@alvh.no-ip.org>
To: Bernd Helmle <mailings@oopsware.de>
Cc: Japin Li <japinli@hotmail.com>, PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2025-01-14T10:47:21Z
Lists: pgsql-hackers
Hello Bernd, On 2025-Jan-14, Bernd Helmle wrote: > > It's been said in my presence that pgcrypto is obsolete and > > shouldn't be used anymore. I'm not sure I believe that, but even if > > that's true, it's clear that there's plenty of people who has an > > interest on it, so I don't see that as an objection to reject this > > work. So let's move on. > > Oh, that's news to me. Is there a plan for it somewhere? I agree that > pgcrypto is widley used and needs a proper replacement when we decide > to deprecate it. I don't know about a plan, but https://www.youtube.com/watch?v=pp6xdr3TuWM&t=1088s > I originally thought about StringInfo but went with just the fixed > length character buffers since we access them directly anyways (and the > px_*/OpenSSL API needs char * ). Note that you can access the char * via StringInfo->data. Just don't modify it without the StringInfo APIs. > > Some of your elog(ERROR)s should probably be ereport(), and I'm not > > sure we want all the elog(DEBUG1)s. > > I added them during development. I am not married to them, but found > them useful during testing. If we come to the conclusion they're not > really that important, i drop them entirely. Yeah, the DEBUGs are a pretty minor issue -- it's easy to remove them afterwards. For any actual error condition that's not a "can't happen" one, please use ereport() for consistency. (There's no translation support for contrib, so they won't be translated anyway.) -- Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/ "No deja de ser humillante para una persona de ingenio saber que no hay tonto que no le pueda enseñar algo." (Jean B. Say)
Commits
-
Follow-up fixes for SHA-2 patch (commit 749a9e20c).
- 969ab9d4f5d1 18.0 landed
-
Add modern SHA-2 based password hashes to pgcrypto.
- 749a9e20c979 18.0 landed