Search Postgresql Archives

Re: Encrypted column

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Marko Kreen schrieb:
On 6/5/07, Tino Wildenhain <tino@xxxxxxxxxxxxx> wrote:
Ranieri Mazili schrieb:
> Hello,
>
> I need to store users and passwords on a table and I want to store it
> encrypted, but I don't found documentation about it, how can I create a
> table with columns "user" and "password" with column "password"
> encrypted and how can I check if "user" and "password" are correct using
> a sql query ?

Passwords are usually not encrypted but hashed instead. A common hash
function is available in postgres w/o any additional extension:

md5()

The rule is, if two hashes compare equal, then the original data must
be equal (yes, there are chances for collisions, but practically very
low. See also sha1 and friends in the pgcrypto contrib module)

Both md5 and sha1 are bad for passwords, no salt and easy to
bruteforce - due to the tiny amount of data in passwords.

Err. I did not mention salt but nobody prevents you from using
a salt with md5 and sha.

Regards
Tino


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux