Re: Modern SHA2- based password hashes for pgcrypto

From: Japin Li <japinli(at)hotmail(dot)com>
To: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
Cc: Bernd Helmle <mailings(at)oopsware(dot)de>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Modern SHA2- based password hashes for pgcrypto
Date: 2025-02-07 08:17:11
Message-ID: ME0P300MB0445B934B42B8A2803F46309B6F12@ME0P300MB0445.AUSP300.PROD.OUTLOOK.COM
Lists: pgsql-hackers

On Thu, 06 Feb 2025 at 11:20, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> wrote:
> On 2025-Jan-28, Bernd Helmle wrote:
>
>> Python's passlib is very strict when it comes to supported characters
>> within a salt string. It rejects everything that's not matching
>> '[./0-9A-Za-z]'. So when you provide the example above you get
>
> The reason it uses these chars is that in their scheme the salt bytes
> are base64-encoded.
>
> The passlib docs have this page about the "modular crypt format":
> https://passlib.readthedocs.io/en/stable/modular_crypt_format.html
>
> and they point to this other page as a "modern, non-ambiguous standard":
> https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
> About the salt, this last document says:
>
> The role of salts is to achieve uniqueness. A random salt is fine for
> that as long as its length is sufficient; a 16-byte salt would work
> well (by definition, UUID are very good salts, and they encode over
> exactly 16 bytes). 16 bytes encode as 22 characters in B64. Functions
> should disallow salt values that are too small for security (4 bytes
> should be viewed as an absolute minimum).
>
> This "Password Hashing Competition" organization hardly seems an
> authority though. It'd be great to have an IETF standard about this ...

Yeah.

Since there is no standard, how do we handle this? I prefer to use the strict
mode like passlib.

--
Regards,
Japin Li
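As an added example (not code from this thread, pgcrypto, or passlib), here is a strict-mode validator for sha256-crypt/sha512-crypt setting strings in the sense Japin describes: it accepts only the `[./0-9A-Za-z]` salt alphabet quoted above. The 16-character salt cap and the 1000..999999999 rounds range are taken from Drepper's SHA-crypt specification; rejecting out-of-range rounds instead of clamping them is an assumption about what "strict" should mean, and `gen_strict_salt` is a hypothetical helper.

```python
import re
import secrets

# Salt alphabet that passlib enforces for the modular crypt format.
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_RE = re.compile(r"^[./0-9A-Za-z]+$")   # non-empty, strict alphabet only
MAX_SALT_LEN = 16                           # cap from the SHA-crypt spec
MIN_ROUNDS, MAX_ROUNDS, DEFAULT_ROUNDS = 1000, 999_999_999, 5000


def parse_sha2crypt_setting(setting: str) -> dict:
    """Validate '$5$[rounds=N$]salt[$hash]' or the '$6$' variant.

    Returns {'ident', 'rounds', 'salt'}; raises ValueError on anything
    that strict mode does not accept (assumption: reject, never clamp).
    """
    parts = setting.split("$")
    # A setting starts with '$', so parts[0] is the empty string.
    if len(parts) < 3 or parts[0] != "" or parts[1] not in ("5", "6"):
        raise ValueError("not a sha256-crypt/sha512-crypt setting")
    fields = parts[2:]
    rounds = DEFAULT_ROUNDS
    if fields[0].startswith("rounds="):
        num = fields[0][len("rounds="):]
        if not num.isdigit():
            raise ValueError("rounds must be a decimal integer")
        rounds = int(num)
        if not MIN_ROUNDS <= rounds <= MAX_ROUNDS:
            raise ValueError("rounds outside 1000..999999999")
        fields = fields[1:]
    if not fields:
        raise ValueError("missing salt")
    salt = fields[0]
    if not SALT_RE.match(salt):
        raise ValueError("salt contains characters outside [./0-9A-Za-z]")
    if len(salt) > MAX_SALT_LEN:
        raise ValueError("salt longer than 16 characters")
    return {"ident": parts[1], "rounds": rounds, "salt": salt}


def is_valid_setting(setting: str) -> bool:
    """Boolean wrapper around parse_sha2crypt_setting for quick checks."""
    try:
        parse_sha2crypt_setting(setting)
        return True
    except ValueError:
        return False


def gen_strict_salt(length: int = MAX_SALT_LEN) -> str:
    """Hypothetical helper: a CSPRNG salt drawn only from SALT_CHARS."""
    return "".join(secrets.choice(SALT_CHARS) for _ in range(length))
```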
