Re: Modern SHA2- based password hashes for pgcrypto
Bernd Helmle <mailings@oopsware.de>
From: Bernd Helmle <mailings@oopsware.de>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-01-02T15:17:40Z
Lists: pgsql-hackers
Am Donnerstag, dem 02.01.2025 um 15:57 +0100 schrieb Daniel Gustafsson: > > I adapted the code from the publicly available reference > > implementation > > at [1]. It's based on our existing OpenSSL infrastructure in > > pgcrypto > > and produces compatible password hashes with crypt() and "openssl > > passwd" with "-5" and "-6" switches. > > Potentially daft question, but since we require OpenSSL to build > pgcrypto, why > do we need to include sha2 code instead of using the sha2 > implementation in > libcrypto? How complicated would it be to use the OpenSSL API > instead? Not sure i got you, but i use OpenSSL and the SHA2 implementation there. See the pgcrypto px_* API (px.h and openssl.c respectively) i am using to create the digests. Thanks, Bernd
Commits
-
Follow-up fixes for SHA-2 patch (commit 749a9e20c).
- 969ab9d4f5d1 18.0 landed
-
Add modern SHA-2 based password hashes to pgcrypto.
- 749a9e20c979 18.0 landed