Re: [HACKERS] pgcrypto: add s2k-count

2016-03-09 Thread Alvaro Herrera
Jeff Janes wrote: > On Tue, Mar 8, 2016 at 4:09 PM, Alvaro Herrera > wrote: > Yeah, I find that pretty impenetrable too. I just treated it as a > black box, I changed how the number passed into it gets set, but not > the meaning of that number. Initially I had the user set the one-byte > forma

Re: [HACKERS] pgcrypto: add s2k-count

2016-03-09 Thread Jeff Janes
On Tue, Mar 8, 2016 at 4:09 PM, Alvaro Herrera wrote: > Jeff Janes wrote: >> pgcrypto supports s2k-mode for key-stretching during symmetric >> encryption, and even defaults to s2k-mode=3, which means configurable >> iterations. But it doesn't support s2k-count to actually set those >> iterations

Re: [HACKERS] pgcrypto: add s2k-count

2016-03-09 Thread Alvaro Herrera
Alvaro Herrera wrote: > Anyway, assuming that the iteration count was already being used > correctly, then as far as I'm concerned we're ready to go. The attached > patch is what I would commit. I read some more (gnupg code as well as our own) and applied some more tweaks, and pushed. -- Álvar

Re: [HACKERS] pgcrypto: add s2k-count

2016-03-08 Thread Alvaro Herrera
Jeff Janes wrote: > pgcrypto supports s2k-mode for key-stretching during symmetric > encryption, and even defaults to s2k-mode=3, which means configurable > iterations. But it doesn't support s2k-count to actually set those > iterations to be anything other than the default. If you are > interest

Re: [HACKERS] pgcrypto: add s2k-count

2016-02-11 Thread Michael Paquier
On Fri, Feb 12, 2016 at 2:46 AM, Robert Haas wrote: > On Wed, Feb 10, 2016 at 12:44 AM, Jeff Janes wrote: >> I did not bump the extension version. I realized the migration file >> would be empty, as there no change to SQL-level functionality (the new >> s2k-count is parsed out of a string down i

Re: [HACKERS] pgcrypto: add s2k-count

2016-02-11 Thread Robert Haas
On Wed, Feb 10, 2016 at 12:44 AM, Jeff Janes wrote: > pgcrypto supports s2k-mode for key-stretching during symmetric > encryption, and even defaults to s2k-mode=3, which means configurable > iterations. But it doesn't support s2k-count to actually set those > iterations to be anything other than

[HACKERS] pgcrypto: add s2k-count

2016-02-09 Thread Jeff Janes
pgcrypto supports s2k-mode for key-stretching during symmetric encryption, and even defaults to s2k-mode=3, which means configurable iterations. But it doesn't support s2k-count to actually set those iterations to be anything other than the default. If you are interested in key-stretching, the de