The following bug has been logged on the website:
Bug reference: 6434
Logged by: Christian Hammers
Email address: ch@lathspell.de
PostgreSQL version: 9.1.2
Operating system: Debian GNU/Linux
Description:=20=20=20=20=20=20=20=20
The crypt() function from the pgcrypto extension is great to store and check
passwords in a format that can also be used by Linux PAM and all programming
languages that support the libc crypt() function.
Recent Linux versions started to use a crypt algorithm that is based on
SHA-512 and stores hashes in the form "$6$xxsaltxx$....." but Postgres can
only hash/verify password hashes in the old DES or the "$1$xxsaltxx$..." MD5
based format.
It would be nice if the pgcrypt extension would be extendet to support the
new SHA-256 and SHA-512 algorithms.
Further documentation on the libc implementation can be found on
http://www.akkadia.org/drepper/SHA-crypt.txt but you can probably copy it
from the OpenBSD source like you did with crypt-md5.c.
Testcase in SQL:
SELECT crypt('geheim', '$6$xxxxxxxx$');
Does give "$6C0C9PsKORBQ" but should lead to
"$6$xxxxxxxx$wuSdyeOvQXjj/nNoWnjjo.6OxUWrQFRIj019kh1cDpun6l6cpr3ywSrBprYRYZ=
Xcm4Kv9lboCEFI3GzBkdNAz/"
