Re: Modern SHA2- based password hashes for pgcrypto

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Bernd Helmle <mailings(at)oopsware(dot)de>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Modern SHA2- based password hashes for pgcrypto
Date: 2025-01-02 14:57:49
Message-ID: EB28D69B-3EA2-4A75-9ED0-7C8604941383@yesql.se
Lists: pgsql-hackers

> On 31 Dec 2024, at 17:06, Bernd Helmle <mailings(at)oopsware(dot)de> wrote:

> I adapted the code from the publicly available reference implementation
> at [1]. It's based on our existing OpenSSL infrastructure in pgcrypto
> and produces compatible password hashes with crypt() and "openssl
> passwd" with "-5" and "-6" switches.

Potentially daft question, but since we require OpenSSL to build pgcrypto, why
do we need to include sha2 code instead of using the sha2 implementation in
libcrypto? How complicated would it be to use the OpenSSL API instead?

--
Daniel Gustafsson
