Add modern SHA-2 based password hashes to pgcrypto.

This adapts the publicly available reference implementation on https://www.akkadia.org/drepper/SHA-crypt.txt and adds the new hash algorithms sha256crypt and sha512crypt to crypt() and gen_salt() respectively. Author: Bernd Helmle <mailings@oopsware.de> Reviewed-by: Japin Li <japinli@hotmail.com> Discussion: https://postgr.es/m/c763235a2757e2f5f9e3e27268b9028349cef659.camel@oopsware.de
2025-07-28 23:42:10 +03:00 · 2025-04-05 19:16:58 +02:00
parent e33f2335a9
commit 749a9e20c9
9 changed files with 1114 additions and 2 deletions
--- a/doc/src/sgml/pgcrypto.sgml
+++ b/doc/src/sgml/pgcrypto.sgml
@ -189,6 +189,29 @@ hmac(data bytea, key bytea, type text) returns bytea
      <entry>13</entry>
      <entry>Original UNIX crypt</entry>
     </row>
+     <row>
+      <entry><literal>sha256crypt</literal></entry>
+      <entry>unlimited</entry>
+      <entry>yes</entry>
+      <entry>up to 32</entry>
+      <entry>80</entry>
+      <entry>Adapted from publicly available reference implementation
+       <ulink url="https://www.akkadia.org/drepper/SHA-crypt.txt">Unix crypt using SHA-256 and SHA-512
+       </ulink>
+      </entry>
+     </row>
+     <row>
+      <entry><literal>sha512crypt</literal></entry>
+      <entry>unlimited</entry>
+      <entry>yes</entry>
+      <entry>up to 32</entry>
+      <entry>123</entry>
+      <entry>Adapted from publicly available reference implementation
+       <ulink url="https://www.akkadia.org/drepper/SHA-crypt.txt">Unix crypt using SHA-256 and SHA-512
+       </ulink>
+      </entry>
+     </row>
+
    </tbody>
   </tgroup>
  </table>
@ -245,7 +268,9 @@ gen_salt(type text [, iter_count integer ]) returns text
   <para>
    The <parameter>type</parameter> parameter specifies the hashing algorithm.
    The accepted types are: <literal>des</literal>, <literal>xdes</literal>,
-    <literal>md5</literal> and <literal>bf</literal>.
+    <literal>md5</literal>, <literal>bf</literal>, <literal>sha256crypt</literal> and
+    <literal>sha512crypt</literal>. The last two, <literal>sha256crypt</literal> and
+    <literal>sha512crypt</literal> are modern <literal>SHA-2</literal> based password hashes.
   </para>

   <para>
@ -284,6 +309,12 @@ gen_salt(type text [, iter_count integer ]) returns text
       <entry>4</entry>
       <entry>31</entry>
      </row>
+      <row>
+       <entry><literal>sha256crypt, sha512crypt</literal></entry>
+       <entry>5000</entry>
+       <entry>1000</entry>
+       <entry>999999999</entry>
+      </row>
     </tbody>
    </tgroup>
   </table>
@ -313,6 +344,14 @@ gen_salt(type text [, iter_count integer ]) returns text
    <function>gen_salt</function>.
   </para>

+   <para>
+   The default <parameter>iter_count</parameter> for <literal>sha256crypt</literal> and
+   <literal>sha512crypt</literal> of <literal>5000</literal> is considered too low for modern
+   hardware, but can be adjusted to generate stronger password hashes.
+   Otherwise both hashes, <literal>sha256crypt</literal> and <literal>sha512crypt</literal> are
+   considered safe.
+   </para>
+
   <table id="pgcrypto-hash-speed-table">
    <title>Hash Algorithm Speeds</title>
    <tgroup cols="5">