PSQL: Salt And Hash A Password With pgcrypto
The
pgcrypto
extension that ships with PostgreSQL can be used to do a number of
interesting things. This includes functions for doing salted password
hashing. Using the crypt
and gen_salt
functions, we can securely store a
user password and later compare it to plain-text passwords for
authentication purposes.
create extension pgcrypto;
select crypt('pa$$w0rd', gen_salt('bf'));
crypt
--------------------------------------------------------------
$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K
> select (
'$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K' =
crypt(
'pa$$w0rd',
'$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K'
)
) as matched;
matched
---------
t
> select (
'$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K' =
crypt(
'password',
'$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K'
)
) as matched;
matched
---------
f
The salt value is generated using the blowfish encryption algorithm (hence,
the 'bf'
). There is support for other algorithms such as md5
.
See the
pgcrypto
documentation
for more details.
Via jbranchaud/til.
Leave a comment