Re: Modern SHA2- based password hashes for pgcrypto

Japin Li <japinli@hotmail.com>

From: Japin Li <japinli@hotmail.com>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>
Cc: Bernd Helmle <mailings@oopsware.de>, PostgreSQL Development <pgsql-hackers@postgresql.org>
Date: 2025-01-27T04:28:16Z
Lists: pgsql-hackers
On Fri, 24 Jan 2025 at 19:06, Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
> On 2025-Jan-24, Bernd Helmle wrote:
>
>> So we behave exactly the same way as px_crypt_md5(): It stops after the
>> first '$' after the magic byte preamble. For shacrypt, this could be
>> the next '$' after the closing one of the non-mandatory 'rounds'
>> option, but with your example this doesn't happen since it gets never
>> parsed. The salt length will be set to 0.
>
> IMO silently using no salt or 0 iterations because the input is somewhat
> broken is bad security and should be rejected.  If we did so in the past
> without noticing, that's bad already, but we should not replicate that
> behavior any further.
>

I agree with this point, so maybe we should fix this for px_crypt_md().

-- 
Regrads,
Japin Li



Commits

  1. Follow-up fixes for SHA-2 patch (commit 749a9e20c).

  2. Add modern SHA-2 based password hashes to pgcrypto.