Re: Modern SHA2- based password hashes for pgcrypto

Bernd Helmle <mailings@oopsware.de>

From: Bernd Helmle <mailings@oopsware.de>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-01-02T15:17:40Z
Lists: pgsql-hackers
Am Donnerstag, dem 02.01.2025 um 15:57 +0100 schrieb Daniel Gustafsson:
> > I adapted the code from the publicly available reference
> > implementation
> > at [1]. It's based on our existing OpenSSL infrastructure in
> > pgcrypto
> > and produces compatible password hashes with crypt() and "openssl
> > passwd" with "-5" and "-6" switches.
> 
> Potentially daft question, but since we require OpenSSL to build
> pgcrypto, why
> do we need to include sha2 code instead of using the sha2
> implementation in
> libcrypto? How complicated would it be to use the OpenSSL API
> instead?

Not sure i got you, but i use OpenSSL and the SHA2 implementation
there. See the pgcrypto px_* API (px.h and openssl.c respectively) i am
using to create the digests.

Thanks,
	Bernd




Commits

  1. Follow-up fixes for SHA-2 patch (commit 749a9e20c).

  2. Add modern SHA-2 based password hashes to pgcrypto.