Re: Modern SHA2- based password hashes for pgcrypto
Alvaro Herrera <alvherre@alvh.no-ip.org>
From: Alvaro Herrera <alvherre@alvh.no-ip.org>
To: Bernd Helmle <mailings@oopsware.de>
Cc: Japin Li <japinli@hotmail.com>, PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2025-01-24T18:06:21Z
Lists: pgsql-hackers
On 2025-Jan-24, Bernd Helmle wrote: > So we behave exactly the same way as px_crypt_md5(): It stops after the > first '$' after the magic byte preamble. For shacrypt, this could be > the next '$' after the closing one of the non-mandatory 'rounds' > option, but with your example this doesn't happen since it gets never > parsed. The salt length will be set to 0. IMO silently using no salt or 0 iterations because the input is somewhat broken is bad security and should be rejected. If we did so in the past without noticing, that's bad already, but we should not replicate that behavior any further. -- Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/ "Doing what he did amounts to sticking his fingers under the hood of the implementation; if he gets his fingers burnt, it's his problem." (Tom Lane)
Commits
-
Follow-up fixes for SHA-2 patch (commit 749a9e20c).
- 969ab9d4f5d1 18.0 landed
-
Add modern SHA-2 based password hashes to pgcrypto.
- 749a9e20c979 18.0 landed