Re: Encoding passwords

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Mike Arace <mikearace(at)hotmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Encoding passwords
Date: 2001-09-25 13:27:21
Message-ID: 20010925082721.A10331@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Tue, Sep 25, 2001 at 08:42:04AM -0400,
Mike Arace <mikearace(at)hotmail(dot)com> wrote:
>
> Is there a function out there for pg which allows you to generate a random
> number given a seed value? I'm trying to create a users table which would
> require the storage of a password in a database field, and I'm hesitant to
> put it in there in plain text, despite the fact I plan to put very tight
> restrictions on that particular table. Ideally, I would encode each letter
> one by one, using the random number generator with the previous letter as a
> seed for the next. I was told that certain unixes use a similar way to
> store their passwords, and it seemed to make sense for this application. I
> noticed that there is a rand() function, but I'm a little slow today and
> couldn't think a way to use that in this scenario. Any suggestions would be
> greatly appreciated.

The more normal way to do this is to store a cryptographic hash of the
password in the database and have the application calculate the hash
and compare that to the hash in the database. This approach won't work
if the database is used to store passwords for use by applications in
connecting to other services.

Typical cryptographic hash functions are SHA-1 and MD5 and you shouldn't
have much trouble finding libraries that provide these functions.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Frank Joerdens 2001-09-25 13:28:32 Re: virtual filesystem atop a PostgreSQL database
Previous Message Jan Pruner 2001-09-25 12:51:42 Fwd: Re: virtual filesystem atop a PostgreSQL database