Re: Encrypted column

From: "Brian Mathis" <brian(dot)mathis(at)gmail(dot)com>
To: "Tino Wildenhain" <tino(at)wildenhain(dot)de>
Cc: "Ranieri Mazili" <ranieri(dot)oliveira(at)terra(dot)com(dot)br>, pgsql-general(at)postgresql(dot)org, pgsql-sql(at)postgresql(dot)org
Subject: Re: Encrypted column
Date: 2007-06-05 13:31:02
Message-ID: 183c528b0706050631q63c64a43t3981002ad822632d@mail.gmail.com
Lists: pgsql-general pgsql-sql

On 6/5/07, Tino Wildenhain <tino(at)wildenhain(dot)de> wrote:
> Ranieri Mazili wrote:
> > Hello,
> >
> > I need to store users and passwords on a table and I want to store it
> > encrypted, but I haven't found documentation about it, how can I create a
> > table with columns "user" and "password" with column "password"
> > encrypted and how can I check if "user" and "password" are correct using
> > a sql query?
>
> Passwords are usually not encrypted but hashed instead. A common hash
> function is available in postgres w/o any additional extension:
>
> md5()
>
> The rule is, if two hashes compare equal, then the original data must
> be equal (yes, there are chances for collisions, but practically very
> low. See also sha1 and friends in the pgcrypto contrib module)
>
> Regards
> Tino
>

Remember, you would also want to add some sort of salt before you ran
the hash, otherwise your password list is vulnerable to a simple
brute-force attack.
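
An added example, not part of the original message or thread: salted password storage and a login check done in SQL with the pgcrypto contrib module mentioned above, using its `crypt()` and `gen_salt()` functions. The table, column and statement names and the sample credentials are assumptions made for illustration.

```sql
-- Added example; app_user, pwhash, check_login and the sample
-- credentials are constructed for illustration.
-- CREATE EXTENSION needs PostgreSQL 9.1 or later; on older releases
-- load the pgcrypto contrib SQL script instead.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE app_user (
    username text PRIMARY KEY,
    pwhash   text NOT NULL   -- algorithm id, cost and salt are stored inside this value
);

-- gen_salt() draws a fresh random salt on every call, so two users who
-- pick the same password still end up with different stored hashes.
-- 'bf' selects Blowfish-based crypt; 10 is the iteration-count exponent.
INSERT INTO app_user (username, pwhash) VALUES
    ('alice', crypt('correct horse', gen_salt('bf', 10))),
    ('bob',   crypt('correct horse', gen_salt('bf', 10)));

-- Contrast with unsalted md5(): every row holding this password would
-- store exactly this one value, so a single precomputed lookup covers them all.
SELECT md5('correct horse') AS unsalted_hash;

-- The salted rows differ even though the passwords are identical.
SELECT username, pwhash FROM app_user ORDER BY username;

-- Login check: passing the stored hash as the second argument makes
-- crypt() reuse the salt and cost embedded in it, so the result equals
-- the stored value only when the candidate password is correct.
-- The prepared statement keeps user input out of the SQL text.
PREPARE check_login(text, text) AS
    SELECT EXISTS (
        SELECT 1
        FROM app_user
        WHERE username = $1
          AND pwhash = crypt($2, pwhash)
    ) AS login_ok;

EXECUTE check_login('alice', 'correct horse');  -- matching password
EXECUTE check_login('alice', 'wrong guess');    -- non-matching password

DEALLOCATE check_login;
DROP TABLE app_user;
```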
