Re: Modern SHA2- based password hashes for pgcrypto

From: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To: Bernd Helmle <mailings(at)oopsware(dot)de>
Cc: Japin Li <japinli(at)hotmail(dot)com>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Modern SHA2- based password hashes for pgcrypto
Date: 2025-01-14 10:47:21
Message-ID: 202501141047.kzibjx4yh2i4@alvherre.pgsql
Lists: pgsql-hackers

Hello Bernd,

On 2025-Jan-14, Bernd Helmle wrote:

> > It's been said in my presence that pgcrypto is obsolete and
> > shouldn't be used anymore.  I'm not sure I believe that, but even if
> > that's true, it's clear that there's plenty of people who have an
> > interest in it, so I don't see that as an objection to reject this
> > work.  So let's move on.
>
> Oh, that's news to me. Is there a plan for it somewhere? I agree that
> pgcrypto is widely used and needs a proper replacement when we decide
> to deprecate it.

I don't know about a plan, but
https://www.youtube.com/watch?v=pp6xdr3TuWM&t=1088s

> I originally thought about StringInfo but went with just the fixed
> length character buffers since we access them directly anyways (and the
> px_*/OpenSSL API needs char * ).

Note that you can access the char * via StringInfo->data. Just don't
modify it without the StringInfo APIs.

> > Some of your elog(ERROR)s should probably be ereport(), and I'm not
> > sure we want all the elog(DEBUG1)s.
>
> I added them during development. I am not married to them, but found
> them useful during testing. If we come to the conclusion they're not
> really that important, I drop them entirely.

Yeah, the DEBUGs are a pretty minor issue -- it's easy to remove them
afterwards. For any actual error condition that's not a "can't happen"
one, please use ereport() for consistency. (There's no translation
support for contrib, so they won't be translated anyway.)

--
Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/
"It never ceases to be humiliating for a person of wit to know
that there is no fool who cannot teach him something." (Jean B. Say)
