Re: Modern SHA2- based password hashes for pgcrypto
Bernd Helmle <mailings@oopsware.de>
From: Bernd Helmle <mailings@oopsware.de>
To: Tom Lane <tgl@sss.pgh.pa.us>, Alvaro Herrera <alvherre@alvh.no-ip.org>,
Andres Freund <andres@anarazel.de>
Cc: Japin Li <japinli@hotmail.com>, PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2025-04-07T11:48:49Z
Lists: pgsql-hackers
Attachments
- 0001-Follow-up-fixes-for-commit-749a9e20c9790006f3af47f7a.patch (text/x-patch) patch 0001
Am Sonntag, dem 06.04.2025 um 15:43 -0400 schrieb Tom Lane:
> I'd be more comfortable with a check like
>
> if (strchr("...valid chars...", *ep) != NULL)
>
> It looks like "_crypt_itoa64" might be directly usable as the
> valid-chars string, too. (BTW, why is _crypt_itoa64 not
> marked const?)
Here is a patch that tries to address all these issues (including
Andres' report). I've adjusted the error message and use ereport(), so
it might be more useful if we deal with not just single byte letters.
I've also changed _crypt_itoa64 from unsigned char to char, since this
seems what strchr() expects (at least on my machine) and we don't deal
specifically elsewhere with that.
Thanks,
Bernd
Commits
-
Follow-up fixes for SHA-2 patch (commit 749a9e20c).
- 969ab9d4f5d1 18.0 landed
-
Add modern SHA-2 based password hashes to pgcrypto.
- 749a9e20c979 18.0 landed