status after 7.1 and pgcrypto update / crypt(table.field) ?

From: Marko Kreen <marko(at)l-t(dot)ee>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: status after 7.1 and pgcrypto update / crypt(table.field) ?
Date: 2001-04-26 20:03:09
Message-ID: 20010426220308.A3683@l-t.ee
Lists: pgsql-general, pgsql-hackers

On Thu, Apr 26, 2001 at 05:20:53PM +0200, Peter Eisentraut wrote:
> will trillich writes:
> > i know "password" can be used in creating/altering user
> > information (as used via GRANT and REVOKE) but is there any
> > facility within postgres to CRYPT() a value?
> 
> See contrib/pgcrypto for hashing functions.

Problem is the hashing functions are not good for
password storage.


A general question: what is the status on patch acceptance
now, after 7.1 is successfully released?  I did not
want to fuzz around with new code when 7.1 was in freeze,
but what is the status now?

Specifically - pgcrypto current state:

In the pgsql/contrib:

* digest() / encode() - stable.

In my pgcrypto separate release:

* digest() / encode() / hmac() - stable.
  I have changed the internal interfaces compared to main CVS.

* crypt() / gen_salt() - stable.  DES/MD5/Blowfish crypt()
  (Blowfish is unreleased).  Code seems to be working quite
  well.

* encrypt() / decrypt() - unstable.  Not in the 'buggy'-sense,
  but the 0.3 encrypt() is unsatisfactory for long-term storage
  and security and compatibility.  Also their spec is confusing
  to users.  In the next release they will be renamed
  raw_encrypt() / raw_decrypt() as they really are interfaces
  to raw ciphers.  I keep them coz they are good for testing
  pgcrypto code ;) and also they are ok for crypting short
  strings.

* future: encrypt() / decrypt() will be minimal implementation
  of OpenPGP standard (RFC2440). "Symmetrically Encrypted Data"
  with passwords.  (Is it too big? - The crypted data needs some
  structure and I don't think inventing some own format is good.)

Now for this OpenPGP stuff I don't have ATM even
alpha-quality code.  So full release takes some time.
But hmac() and crypt() code is quite ok and there is no point
on me sitting on it alone.

So I would like to submit the mostly ready parts to main
tree.  When is the right time for it?


-- 
marko
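
The difference the message draws between the digest() hashing functions and crypt() / gen_salt() for password storage, as an added example that is not part of the original message or of the pgcrypto sources. It assumes a PostgreSQL release where pgcrypto is installed with CREATE EXTENSION; the table app_user, its columns and the password are constructed for illustration.

```sql
-- Added example. Assumption: pgcrypto is available as an extension.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Hypothetical table holding both storage forms side by side.
CREATE TEMP TABLE app_user (
    name      text PRIMARY KEY,
    pw_digest text,  -- digest(): fast and unsalted
    pw_crypt  text   -- crypt(): algorithm id and salt are part of the value
);

-- Two users who happen to choose the same (constructed) password.
-- gen_salt() is called once per row, so each row gets its own salt.
INSERT INTO app_user VALUES
    ('alice',
     encode(digest('correct horse', 'sha1'), 'hex'),
     crypt('correct horse', gen_salt('bf')));
INSERT INTO app_user VALUES
    ('bob',
     encode(digest('correct horse', 'sha1'), 'hex'),
     crypt('correct horse', gen_salt('bf')));

-- With a plain digest, equal passwords produce equal stored values, so
-- one recovered password exposes every row that shares it and a single
-- precomputed table works against the whole column. The crypt() values
-- differ per row because the salts differ.
SELECT count(DISTINCT pw_digest) AS distinct_digests,
       count(DISTINCT pw_crypt)  AS distinct_crypts
FROM app_user;

-- Verification: pass the stored value as the salt argument. crypt()
-- reads the algorithm and salt from it and recomputes the hash.
SELECT name,
       pw_crypt = crypt('correct horse', pw_crypt) AS right_password,
       pw_crypt = crypt('wrong guess',   pw_crypt) AS wrong_password
FROM app_user;
```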

