Re: How To Change Password Hash Algorithm From MD5 to SHA-256
| От | Josh Kupershmidt |
|---|---|
| Тема | Re: How To Change Password Hash Algorithm From MD5 to SHA-256 |
| Дата | |
| Msg-id | CAK3UJRF9yE=qrHMp3A4dkwjRdbZ+Gwq1_aB=eTfERrnWYOmb6w@mail.gmail.com обсуждение исходный текст |
| Ответ на | How To Change Password Hash Algorithm From MD5 to SHA-256 ("ROMAIN, ERICKA W CTR DISA PEO-MA" <ericka.romain.ctr@disa.mil>) |
| Список | pgsql-admin |
On Thu, Jun 7, 2012 at 8:12 AM, ROMAIN, ERICKA W CTR DISA PEO-MA <ericka.romain.ctr@disa.mil> wrote: > I am trying to get Postgres to use SHA as the password hash algorithm instead of MD5. This is a security requirement. Iam running PostgreSQL 8.4 on a Red Hat Linux platform. I have installed pgcrypto and ran pgcrypto.sql. I also created afunction SHA-256. The function looks like: > > CREATE OR REPLACE FUNCTION sha256(bytea) returns text AS $$ > SELECT encode(digest($1, 'sha256'), 'hex') > $$ LANGUAGE SQL STRICT IMMUTABLE; > > I then created a new user. Then I queried pg_shadow and the encrypted password still has md5 at the beginning of the hash.How do I get postgres to use SHA-256? Well, the function you created has nothing to do with how Postgres handles password authentication. A whole bunch of places in the code are hardcoded to assume that password hashing and authentication are done with MD5, and you'd have to change them all to support SHA-256 password hashing instead. Also, all clients connecting to your server would have to be using your modified version of libpq to authenticate to your modified server. Josh
В списке pgsql-admin по дате отправления: