From: | Josh Kupershmidt <schmiddy(at)gmail(dot)com> |
---|---|
To: | "ROMAIN, ERICKA W CTR DISA PEO-MA" <ericka(dot)romain(dot)ctr(at)disa(dot)mil> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: How To Change Password Hash Algorithm From MD5 to SHA-256 |
Date: | 2012-06-08 19:06:23 |
Message-ID: | CAK3UJRF9yE=qrHMp3A4dkwjRdbZ+Gwq1_aB=eTfERrnWYOmb6w@mail.gmail.com |
Lists: | pgsql-admin |
On Thu, Jun 7, 2012 at 8:12 AM, ROMAIN, ERICKA W CTR DISA PEO-MA
<ericka(dot)romain(dot)ctr(at)disa(dot)mil> wrote:
> I am trying to get Postgres to use SHA as the password hash algorithm instead of MD5. This is a security requirement. I am running PostgreSQL 8.4 on a Red Hat Linux platform. I have installed pgcrypto and run pgcrypto.sql. I also created a function SHA-256. The function looks like:
>
> CREATE OR REPLACE FUNCTION sha256(bytea) returns text AS $$
> SELECT encode(digest($1, 'sha256'), 'hex')
> $$ LANGUAGE SQL STRICT IMMUTABLE;
>
> I then created a new user. Then I queried pg_shadow and the encrypted password still has md5 at the beginning of the hash. How do I get postgres to use SHA-256?

Well, the function you created has nothing to do with how Postgres
handles password authentication. A whole bunch of places in the code
are hardcoded to assume that password hashing and authentication are
done with MD5, and you'd have to change them all to support SHA-256
password hashing instead. Also, all clients connecting to your server
would have to be using your modified version of libpq to authenticate
to your modified server.

Josh
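
Why both the server and the client library are involved, as an added example that is not part of the thread and not PostgreSQL's own code: a Python model of the MD5 scheme as the PostgreSQL protocol documentation describes it, where the stored value is `md5` followed by md5(password || username) and the client answers a 4-byte salt challenge. The function names, the sample role and the sample password are constructed for illustration.

```python
import hashlib
import hmac


def _md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(password: str, username: str) -> str:
    """Value kept in pg_shadow.passwd: 'md5' + md5(password || username)."""
    return "md5" + _md5_hex((password + username).encode("utf-8"))


def client_response(password: str, username: str, salt: bytes) -> str:
    """What the client library computes after receiving the server's salt."""
    inner = _md5_hex((password + username).encode("utf-8"))
    return "md5" + _md5_hex(inner.encode("ascii") + salt)


def server_accepts(stored: str, salt: bytes, response: str) -> bool:
    """Server side: rebuild the expected response from the stored verifier."""
    if not (stored.startswith("md5") and len(stored) == 35):
        return False  # not an MD5 verifier, nothing to compare against
    expected = "md5" + _md5_hex(stored[3:].encode("ascii") + salt)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    salt = b"\x01\x02\x03\x04"                    # constructed sample challenge
    stored = stored_verifier("s3cret", "ericka")  # constructed sample role
    print("pg_shadow.passwd would hold:", stored)
    ok = server_accepts(stored, salt, client_response("s3cret", "ericka", salt))
    bad = server_accepts(stored, salt, client_response("wrong", "ericka", salt))
    print("correct password accepted:", ok)
    print("wrong password accepted:", bad)
```

The client and the server each compute the same MD5 chain independently, so a user-defined `sha256()` SQL function never enters this path.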