Thread: Re: Modern SHA2- based password hashes for pgcrypto

Re: Modern SHA2- based password hashes for pgcrypto

From
Daniel Gustafsson
Date:
> On 31 Dec 2024, at 17:06, Bernd Helmle <mailings@oopsware.de> wrote:

> I adapted the code from the publicly available reference implementation
> at [1]. It's based on our existing OpenSSL infrastructure in pgcrypto
> and produces compatible password hashes with crypt() and "openssl
> passwd" with "-5" and "-6" switches.

Potentially daft question, but since we require OpenSSL to build pgcrypto, why
do we need to include sha2 code instead of using the sha2 implementation in
libcrypto? How complicated would it be to use the OpenSSL API instead?

--
Daniel Gustafsson




Re: Modern SHA2- based password hashes for pgcrypto

From
Bernd Helmle
Date:
Am Donnerstag, dem 02.01.2025 um 15:57 +0100 schrieb Daniel Gustafsson:
> > I adapted the code from the publicly available reference
> > implementation
> > at [1]. It's based on our existing OpenSSL infrastructure in
> > pgcrypto
> > and produces compatible password hashes with crypt() and "openssl
> > passwd" with "-5" and "-6" switches.
>
> Potentially daft question, but since we require OpenSSL to build
> pgcrypto, why
> do we need to include sha2 code instead of using the sha2
> implementation in
> libcrypto? How complicated would it be to use the OpenSSL API
> instead?

Not sure i got you, but i use OpenSSL and the SHA2 implementation
there. See the pgcrypto px_* API (px.h and openssl.c respectively) i am
using to create the digests.

Thanks,
    Bernd




Re: Modern SHA2- based password hashes for pgcrypto

From
Daniel Gustafsson
Date:
> On 2 Jan 2025, at 16:17, Bernd Helmle <mailings@oopsware.de> wrote:
> 
> Am Donnerstag, dem 02.01.2025 um 15:57 +0100 schrieb Daniel Gustafsson:
>>> I adapted the code from the publicly available reference
>>> implementation
>>> at [1]. It's based on our existing OpenSSL infrastructure in
>>> pgcrypto
>>> and produces compatible password hashes with crypt() and "openssl
>>> passwd" with "-5" and "-6" switches.
>> 
>> Potentially daft question, but since we require OpenSSL to build
>> pgcrypto, why
>> do we need to include sha2 code instead of using the sha2
>> implementation in
>> libcrypto? How complicated would it be to use the OpenSSL API
>> instead?
> 
> Not sure i got you, but i use OpenSSL and the SHA2 implementation
> there. See the pgcrypto px_* API (px.h and openssl.c respectively) i am
> using to create the digests.

Sorry, skimming the patch I misread it, nevermind.

--
Daniel Gustafsson