Re: password management

On 7/05/2010 12:01 PM, Craig Ringer wrote:

craig=> create or replace function extract_salt(text) returns text as $$
craig$> select (regexp_matches($1, E'^(\\$[^\\$]+\\$[^\\$]+)\\$'))[1];
craig$> $$ language sql immutable;

Upon re-reading the pgcrypto documentation I see that this is unnecessary.

Just pass the password hash as the salt. Pgcrypto will extract the salt part of the hash itself. (Otherwise, how could you check passwords?)

So - just as if you were testing authentication, crypt the user's new password plaintext against each of the old password hashes using the old password hash as salt, and see if the output hash is the same as the old password hash. If it is, they've re-used the password.

--
Craig Ringer
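
The reuse check described in the message above, as an added example that is not part of the original post. The table, column and function names (password_history, pw_hash, password_reused, record_password) are hypothetical, and the sample passwords are constructed; only crypt() and gen_salt() come from pgcrypto.

```sql
-- Added example: names below are hypothetical, not from the original thread.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE password_history (
    user_id    integer     NOT NULL,
    pw_hash    text        NOT NULL,  -- full crypt() output: algorithm, salt and hash
    changed_at timestamptz NOT NULL DEFAULT now()
);

-- Re-hash the candidate against every stored hash, passing the stored hash
-- itself as the salt argument. crypt() reads the algorithm and salt from it,
-- so no separate salt-extraction function is needed.
CREATE OR REPLACE FUNCTION password_reused(p_user integer, p_new_pw text)
RETURNS boolean AS $$
    SELECT EXISTS (
        SELECT 1
        FROM password_history h
        WHERE h.user_id = p_user
          AND crypt(p_new_pw, h.pw_hash) = h.pw_hash
    );
$$ LANGUAGE sql STABLE;

-- Refuse a previously used password; otherwise store it under a fresh salt.
CREATE OR REPLACE FUNCTION record_password(p_user integer, p_new_pw text)
RETURNS void AS $$
BEGIN
    IF password_reused(p_user, p_new_pw) THEN
        RAISE EXCEPTION 'password was used before by user %', p_user;
    END IF;
    INSERT INTO password_history (user_id, pw_hash)
    VALUES (p_user, crypt(p_new_pw, gen_salt('bf', 8)));
END;
$$ LANGUAGE plpgsql;

-- Constructed sample history. The two rows use different algorithms to show
-- that the stored hash, not the caller, decides how the candidate is hashed.
INSERT INTO password_history (user_id, pw_hash) VALUES
    (1, crypt('correct horse', gen_salt('bf', 8))),
    (1, crypt('battery staple', gen_salt('md5')));

-- Candidate that is in the history, then one that is not.
SELECT password_reused(1, 'battery staple');
SELECT password_reused(1, 'a brand new phrase');

-- Accepted, and from then on part of the history.
SELECT record_password(1, 'a brand new phrase');
```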
