Re: Modern SHA2- based password hashes for pgcrypto
Japin Li <japinli@hotmail.com>
From: Japin Li <japinli@hotmail.com>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>
Cc: Bernd Helmle <mailings@oopsware.de>, PostgreSQL Development
<pgsql-hackers@postgresql.org>
Date: 2025-02-07T08:17:11Z
Lists: pgsql-hackers
On Thu, 06 Feb 2025 at 11:20, Alvaro Herrera <alvherre@alvh.no-ip.org> wrote: > On 2025-Jan-28, Bernd Helmle wrote: > >> Python's passlib is very strict when it comes to supported characters >> within a salt string. It rejects everything thats not matching '[./0- >> 9A-Za-z]'. So when you provide the example above you get > > The reason it uses these chars is that in their scheme the salt bytes > are base64-encoded. > > The passlib docs has this page about the "modular crypt format": > https://passlib.readthedocs.io/en/stable/modular_crypt_format.html > > and they point this other page as a "modern, non-ambiguous standard": > https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md > About the salt, this last document says: > > The role of salts is to achieve uniqueness. A random salt is fine for > that as long as its length is sufficient; a 16-byte salt would work > well (by definition, UUID are very good salts, and they encode over > exactly 16 bytes). 16 bytes encode as 22 characters in B64. Functions > should disallow salt values that are too small for security (4 bytes > should be viewed as an absolute minimum). > > This "Password Hashing Competition" organization hardly seems an > authority though. It'd be great to have an IETF standard about this ... Yeah. Since there is no standard, how do we handle this? I prefer to use the strict mode like passlib. -- Regrads, Japin Li
Commits
-
Follow-up fixes for SHA-2 patch (commit 749a9e20c).
- 969ab9d4f5d1 18.0 landed
-
Add modern SHA-2 based password hashes to pgcrypto.
- 749a9e20c979 18.0 landed