pgcrypto support for bcrypt $2b$ hashes

From: Daniel Fone <daniel(at)fone(dot)net(dot)nz>
To: pgsql-hackers(at)postgresql(dot)org
Subject: pgcrypto support for bcrypt $2b$ hashes
Date: 2021-09-24 02:12:08
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers


I've recently been working with a database containing bcrypt hashes generated by a 3rd-party which use the $2b$ prefix. This prefix was introduced in 2014 and has since been recognised by a number of bcrypt implementations. [1][2][3][4]

At the moment, pgcrypto’s `crypt` doesn’t recognise this prefix. However, simply `replace`ing the prefix with $2a$ allows crypt to validate the hashes. This patch simply adds recognition for the prefix and treats the hash identically to the $2a$ hashes.

Is this a reasonable change to pgcrypto? I note that the last upstream change brought into crypt-blowfish.c was in 2011, predating this prefix. [5] Are there deeper concerns or other upstream changes that need to be addressed alongside this? Is there a better approach to this?

At the moment, the $2x$ variant is supported but not mentioned in the docs, so I haven’t included any documentation updates.




Attachment Content-Type Size
recognise-bcrypt-2b.patch.txt text/plain 2.2 KB


Browse pgsql-hackers by date

  From Date Subject
Next Message Fujii Masao 2021-09-24 02:26:12 Re: pgbench bug candidate: negative "initial connection time"
Previous Message Masahiko Sawada 2021-09-24 01:31:09 Re: Skipping logical replication transactions on subscriber side