Re: Modern SHA2- based password hashes for pgcrypto
Japin Li <japinli@hotmail.com>
From: Japin Li <japinli@hotmail.com>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>
Cc: Bernd Helmle <mailings@oopsware.de>, PostgreSQL Development
<pgsql-hackers@postgresql.org>
Date: 2025-02-08T02:16:40Z
Lists: pgsql-hackers
On Fri, 07 Feb 2025 at 10:31, Alvaro Herrera <alvherre@alvh.no-ip.org> wrote: > On 2025-Feb-07, Japin Li wrote: > >> Since there is no standard, how do we handle this? I prefer to use >> the strict mode like passlib. > > I definitely like that passlib have documented their thought process > thoroughly. > > I think using their strict mode is good on principle, but if we're going > to do that, then the salt string should not be used verbatim, but > instead base64-decoded first to get the actual salt bytes, like they do. > Does this break compabitibility with other systems? Are > passlib-generated password hashes incompatible with, say, "openssl > passwd" which you (Bernd) mentioned at the beginning of the thread? > Maybe if the password hashes are no longer compatible, then we should > ditch the idea of restricting salts to base64 chars and accept the whole > range of bytes, like Drepper. Thinking about compatibility, the Drepper's behavior is a good choice. Or we can accept the whole range of bytes except the $ character since it is a separator. Of course, it is also not compatible with other systems. > > But in any case ISTM we should reject, as they suggest, the use of less > than 4 bytes of salt (and should perhaps settle for a default of 16, as > passlib suggests). I suppose this is why passlib returns NULL with > empty salt. What we should do in that case IMO is ereport(ERROR). +1 -- Regrads, Japin Li
Commits
-
Follow-up fixes for SHA-2 patch (commit 749a9e20c).
- 969ab9d4f5d1 18.0 landed
-
Add modern SHA-2 based password hashes to pgcrypto.
- 749a9e20c979 18.0 landed