Re: Encrypted column

On 6/5/07, Tino Wildenhain <tino@wildenhain.de> wrote:
> Ranieri Mazili schrieb:
> > Hello,
> >
> > I need to store users and passwords on a table and I want to store it
> > encrypted, but I don't found documentation about it, how can I create a
> > table with columns "user" and "password" with column "password"
> > encrypted and how can I check if "user" and "password" are correct using
> > a sql query ?
>
> Passwords are usually not encrypted but hashed instead. A common hash
> function is available in postgres w/o any additional extension:
>
> md5()
>
> The rule is, if two hashes compare equal, then the original data must
> be equal (yes, there are chances for collisions, but practically very
> low. See also sha1 and friends in the pgcrypto contrib module)
>
> Regards
> Tino
>

Remember, you would also want to add some sort of salt before you ran
the hash, otherwise your password list is vulnerable to a simple
brute-force attack.