| From: | Stephane Alnet <stephane(at)u-picardie(dot)fr> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: [GENERAL] encrypted field |
| Date: | 1999-09-29 00:14:32 |
| Message-ID: | 37F159E8.632A04AA@u-picardie.fr |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> > PS: Note that all crypted passwords are created with salt "HP" (my name
> > initials..) You can change that, or if you know C, you can do in a way that it
> > will pick two random characters (the way it should really be).
One quick remark: if you are serious about using hash (not encryption, strictly
speaking) as a protection: having a *random* salt is an important part of using
crypt(). "Static salt" (sounds weird, huh) reduces the strength of the algorithm
a lot.
> I also ran into a 'gotcha': crypt expects zero terminated
> strings, pg text type is a counted string.
> [...] anyone have any improvements, let me know
To avoid this "gotcha" and at the same time provide quality "hash", you may want
to look into functions like MD5 or SHA-1 which will accept anything as input (a
bit stream!) and generate a fixed-length, ASCII-text result.
Stéphane
PS: I have a working implementation of SHA-1 in C, if someone has the time /
experience / need to write a wrapper for pgsql... ;)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephane Alnet | 1999-09-29 00:15:38 | Re: [GENERAL] encrypted field |
| Previous Message | Shawn Pursley | 1999-09-28 21:45:31 | Is there some type of Daemon that can look at pgsql? |