Re: Modern SHA2- based password hashes for pgcrypto
Japin Li <japinli@hotmail.com>
From: Japin Li <japinli@hotmail.com>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>
Cc: Bernd Helmle <mailings@oopsware.de>, PostgreSQL Development
<pgsql-hackers@postgresql.org>
Date: 2025-01-27T04:28:16Z
Lists: pgsql-hackers
On Fri, 24 Jan 2025 at 19:06, Alvaro Herrera <alvherre@alvh.no-ip.org> wrote: > On 2025-Jan-24, Bernd Helmle wrote: > >> So we behave exactly the same way as px_crypt_md5(): It stops after the >> first '$' after the magic byte preamble. For shacrypt, this could be >> the next '$' after the closing one of the non-mandatory 'rounds' >> option, but with your example this doesn't happen since it gets never >> parsed. The salt length will be set to 0. > > IMO silently using no salt or 0 iterations because the input is somewhat > broken is bad security and should be rejected. If we did so in the past > without noticing, that's bad already, but we should not replicate that > behavior any further. > I agree with this point, so maybe we should fix this for px_crypt_md(). -- Regrads, Japin Li
Commits
-
Follow-up fixes for SHA-2 patch (commit 749a9e20c).
- 969ab9d4f5d1 18.0 landed
-
Add modern SHA-2 based password hashes to pgcrypto.
- 749a9e20c979 18.0 landed