|From:||Daniel Fone <daniel(at)fone(dot)net(dot)nz>|
|To:||Daniel Gustafsson <daniel(at)yesql(dot)se>|
|Subject:||Re: pgcrypto support for bcrypt $2b$ hashes|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
Thanks for the feedback.
> On 26/09/2021, at 12:09 AM, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> But 2b and 2a hashes aren't equal, although very similar. 2a should have the
> many-buggy to one-correct collision safety and 2b hashes shouldn't. The fact
> that your hashes work isn't conclusive evidence.
I was afraid this might be a bit naive. Re-reading the crypt_blowfish release notes, it’s principally the changes introducing $2y$ into 1.2 that we need, with support for OpenBSD $2b$ introduced in 1.3. Do I understand this correctly?
> Upgrading our crypt_blowfish.c to the upstream 1.3 version would be the correct
> fix IMO, but since we have a few local modifications it's not a drop-in. I
> don't think it would be too hairy, but one needs to be very careful when
> dealing with crypto.
My C experience is limited, but I can make an initial attempt if the effort would be worthwhile. Is this realistically a patch that a newcomer to the codebase should attempt?
> Actually it is, in table F.16 in the below documentation page we refer to our
> supported level as "Blowfish-based, variant 2a”.
Sorry I wasn’t clear. My point was that the docs only mention $2a$, and $2x$ isn’t mentioned even though pgcrypto supports it. As part of the upgrade to 1.3, perhaps the docs can be updated to mention variants x, y, and b as well.
|Next Message||Amit Kapila||2021-09-28 03:29:51||Re: Column Filtering in Logical Replication|
|Previous Message||Amit Kapila||2021-09-28 03:01:45||Re: two_phase commit parameter used in subscription for a publication which is on < 15.|