status after 7.1 and pgcrypto update / crypt(table.field) ?

On Thu, Apr 26, 2001 at 05:20:53PM +0200, Peter Eisentraut wrote:
> will trillich writes:
> > i know "password" can be used in creating/altering user
> > information (as used via GRANT and REVOKE) but is there any
> > facility within postgres to CRYPT() a value?
>
> See contrib/pgcrypto for hashing functions.

Problem is the hashing functions are not good for
password storage.

A general question: what is the status on patch acceptance
now, after 7.1 is successfully released? I did not
want to fuzz around with new code when 7.1 was in freeze,
but what is the status now?

Specifically - pgcrypto current state:

In the pgsql/contrib:

* digest() / encode() - stable.

In my pgcrypto separate release:

* digest() / encode() / hmac() - stable.
I have changed the internal interfaces compared to main CVS.

* crypt() / gen_salt() - stable. DES/MD5/Blowfish crypt()
(Blowfish is unreleased). Code seems to be working quite
well.

* encrypt() / decrypt() - unstable. Not in the 'buggy'-sense,
but the 0.3 encrypt() is unsatisfactory for long-term storage
and security and compatibility. Also their spec is confusing
to users. In the next release they will be renamed
raw_encrypt() / raw_decrypt() as they really are interfaces
to raw ciphers. I keep them coz they are good for testing
pgcrypto code ;) and also they are ok for crypting short
strings.

* future: encrypt() / decrypt() will be minimal implementation
of OpenPGP standard (RFC2440). "Symmetrically Encrypted Data"
with passwords. (Is it too big? - The crypted data needs some
structure and I dont think inventing some own format is good.)

Now for this OpenPGP stuff I dont have ATM not even
alpha-quality code. So full release takes some time.
But hmac() and crypt() code is quite ok and there is no point
on me sitting on it alone.

So I would like to submit the mostly ready parts to main
tree. When is the right time for it?

--
marko