On Thu, Apr 26, 2001 at 05:20:53PM +0200, Peter Eisentraut wrote: > will trillich writes: > > i know "password" can be used in creating/altering user > > information (as used via GRANT and REVOKE) but is there any > > facility within postgres to CRYPT() a value? > > See contrib/pgcrypto for hashing functions. Problem is the hashing functions are not good for password storage. A general question: what is the status on patch acceptance now, after 7.1 is successfully released? I did not want to fuzz around with new code when 7.1 was in freeze, but what is the status now? Specifically - pgcrypto current state: In the pgsql/contrib: * digest() / encode() - stable. In my pgcrypto separate release: * digest() / encode() / hmac() - stable. I have changed the internal interfaces compared to main CVS. * crypt() / gen_salt() - stable. DES/MD5/Blowfish crypt() (Blowfish is unreleased). Code seems to be working quite well. * encrypt() / decrypt() - unstable. Not in the 'buggy'-sense, but the 0.3 encrypt() is unsatisfactory for long-term storage and security and compatibility. Also their spec is confusing to users. In the next release they will be renamed raw_encrypt() / raw_decrypt() as they really are interfaces to raw ciphers. I keep them coz they are good for testing pgcrypto code ;) and also they are ok for crypting short strings. * future: encrypt() / decrypt() will be minimal implementation of OpenPGP standard (RFC2440). "Symmetrically Encrypted Data" with passwords. (Is it too big? - The crypted data needs some structure and I dont think inventing some own format is good.) Now for this OpenPGP stuff I dont have ATM not even alpha-quality code. So full release takes some time. But hmac() and crypt() code is quite ok and there is no point on me sitting on it alone. So I would like to submit the mostly ready parts to main tree. When is the right time for it? -- marko ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html
