> > PS: Note that all crypted passwords are created with salt "HP" (my name
> > initials..) You can change that, or if you know C, you can do in a way that it
> > will pick two random characters (the way it should really be).
One quick remark: if you are serious about using hash (not encryption, strictly
speaking) as a protection: having a *random* salt is an important part of using
crypt(). "Static salt" (sounds weird, huh) reduces the strength of the algorithm
a lot.
> I also ran into a 'gotcha': crypt expects zero terminated
> strings, pg text type is a counted string.
> [...] anyone have any improvements, let me know
To avoid this "gotcha" and at the same time provide quality "hash", you may want
to look into functions like MD5 or SHA-1 which will accept anything as input (a
bit stream!) and generate a fixed-length, ASCII-text result.
Stéphane
PS: I have a working implementation of SHA-1 in C, if someone has the time /
experience / need to write a wrapper for pgsql... ;)
