On Thu, Apr 26, 2001 at 05:20:53PM +0200, Peter Eisentraut wrote:
> will trillich writes:
> > i know "password" can be used in creating/altering user
> > information (as used via GRANT and REVOKE) but is there any
> > facility within postgres to CRYPT() a value?
>
> See contrib/pgcrypto for hashing functions.
Problem is the hashing functions are not good for
password storage.
A general question: what is the status on patch acceptance
now, after 7.1 is successfully released? I did not
want to fuzz around with new code when 7.1 was in freeze,
but what is the status now?
Specifically - pgcrypto current state:
In the pgsql/contrib:
* digest() / encode() - stable.
In my pgcrypto separate release:
* digest() / encode() / hmac() - stable. I have changed the internal interfaces compared to main CVS.
* crypt() / gen_salt() - stable. DES/MD5/Blowfish crypt() (Blowfish is unreleased). Code seems to be working quite
well.
* encrypt() / decrypt() - unstable. Not in the 'buggy'-sense, but the 0.3 encrypt() is unsatisfactory for long-term
storageand security and compatibility. Also their spec is confusing to users. In the next release they will be
renamedraw_encrypt() / raw_decrypt() as they really are interfaces to raw ciphers. I keep them coz they are good for
testingpgcrypto code ;) and also they are ok for crypting short strings.
* future: encrypt() / decrypt() will be minimal implementation of OpenPGP standard (RFC2440). "Symmetrically Encrypted
Data"with passwords. (Is it too big? - The crypted data needs some structure and I dont think inventing some own
formatis good.)
Now for this OpenPGP stuff I dont have ATM not even
alpha-quality code. So full release takes some time.
But hmac() and crypt() code is quite ok and there is no point
on me sitting on it alone.
So I would like to submit the mostly ready parts to main
tree. When is the right time for it?
--
marko