| From: | Marko Kreen <marko(at)l-t(dot)ee> |
|---|---|
| To: | pgsql-announce(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org |
| Subject: | pgcrypto 0.4 |
| Date: | 2001-11-25 19:22:09 |
| Message-ID: | 20011125212209.A23229@l-t.ee |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-announce pgsql-general |
Hello,
Here's pgcrypto version 0.4. The same code will appear in
contrib/pgcrypto in PostgreSQL 7.2, this is a standalone release
for PostgreSQL 7.0.x and 7.1.x.
http://www.l-t.ee/marko/pgsql/pgcrypto-0.4.tar.gz
I consider 0.4.x versions a 'stable' branch as it is basically
feature-complete with what I planned in beginning.
Things it provides:
* digest(data, type) function for hashing.
Builtin algorithms: MD5, SHA1.
* hmac(data, key, type) function for RFC2104 Hashed Message
Authentication Codes - sort of a key'ed hashes.
Builtin algorithms: MD5, SHA1.
* UN*X like crypt(key, salt) and gen_salt(type)
old DES, extended DES, MD5 and Blowfish crypt.
* encrypt(data, key, type)/decrypt(...) functions.
Builtin algorithms: Blowfish, Rijndael/AES.
* encode()/decode() functions for base64/hex encoding.
For PostgreSQL 7.0/7.1, 7.2 has this in core.
* You can link it with external library to get more algorithms:
OpenSSL and MHASH+MCRYPT are currently supported.
Changes since 0.3:
==================
Features:
* Rijndael and Blowfish as builtin ciphers
* Blowfish crypt
* nicer regression tests
* lotsa source cleanups
Fixes:
* base64 now works...
* Uses bytea instead text for 8-bit data.
* oversized key to encrypt/decrypt corrupted memory
* decrypt did not remove padding bytes if data
was multiple of block size
Future
======
This could be called a '1.0' release as only near-term thing
missing are some source cleanups and more regression tests
to make sure it handles other ciphers beside AES and Blowfish
right (it probably does).
But there is a problem with encrypt/decrypt - namely they are
too simple. They dont use techniques as keygen, MAC-ing the
data and session keys which are rather mandatory in current
state-of-the-art cryptography.
So for 0.5.x series I plan to implement a subset of OpenPGP
standard - password based encryptionas - as pgp_encrypt() functions.
It should not be that hard, as lot of lower infrastructure is ready,
but I am not sure when I find time for it. So, if anyone is interested
in hacking crypto, you are welcome to give a hand.
--
marko
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2001-11-26 13:25:47 | PostgreSQL v7.2b3 Released |
| Previous Message | Helge Bahmann | 2001-11-12 17:26:31 | Re: psql -f backup.out || file too big - SOLVED |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | -wiseguy | 2001-11-25 20:07:55 | pl/perl won't build under 7.1.3 |
| Previous Message | Mancz, James | 2001-11-25 18:58:45 | Re: select extract and subqueries |