mirror of
https://github.com/jbranchaud/til
synced 2026-01-03 15:18:01 +00:00
# Salt And Hash A Password With pgcrypto

The [`pgcrypto`](http://www.postgresql.org/docs/current/static/pgcrypto.html)
extension that ships with PostgreSQL provides a number of cryptographic
functions, including ones for salted password hashing. Using the `crypt` and
`gen_salt` functions, we can securely store a user password and later compare
it to plain-text passwords for authentication purposes.

```sql
> create extension pgcrypto;

> select crypt('pa$$w0rd', gen_salt('bf'));
                            crypt
--------------------------------------------------------------
 $2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K

> select (
    '$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K' =
    crypt(
      'pa$$w0rd',
      '$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K'
    )
  ) as matched;
 matched
---------
 t

> select (
    '$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K' =
    crypt(
      'password',
      '$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K'
    )
  ) as matched;
 matched
---------
 f
```
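
`gen_salt('bf')` generates a random salt for the Blowfish-based bcrypt
algorithm (hence, the `'bf'`). `crypt` embeds the algorithm identifier and the
salt in its output, which is why the stored hash can be passed back as the
second argument when checking a password. There is support for other
algorithms such as `md5`.
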
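The same `crypt` and `gen_salt` calls applied to a stored credential, as an added example that is not part of the original TIL. The `app_users` table, the `check_login` function and the target cost of 12 are assumptions made for illustration.

```sql
-- Added example; table, column and function names are hypothetical.
create extension if not exists pgcrypto;

create table app_users (
  email         text primary key,
  password_hash text not null
);

-- Registration: the optional second argument to gen_salt is the bcrypt
-- cost (4-31 for 'bf', default 6, which is the "06" in the hash above).
insert into app_users (email, password_hash)
values ('alice@example.com', crypt('pa$$w0rd', gen_salt('bf', 12)));

-- Login check: hash the candidate using the stored hash as the salt
-- argument and compare. coalesce() turns "no such user" into false.
create function check_login(p_email text, p_password text)
returns boolean
language sql stable as $fn$
  select coalesce(
    (select password_hash = crypt(p_password, password_hash)
       from app_users
      where email = p_email),
    false
  );
$fn$;

-- Correct password, wrong password, unknown user.
select check_login('alice@example.com', 'pa$$w0rd');
select check_login('alice@example.com', 'password');
select check_login('nobody@example.com', 'pa$$w0rd');

-- Hashes stored below the target cost, to be re-hashed at the user's next
-- successful login. substring(... from pattern) yields NULL for values
-- that are not bcrypt hashes, so those rows are skipped rather than
-- failing the cast.
select email
  from app_users
 where substring(password_hash from '^\$2[a-z]\$(\d\d)\$')::int < 12;
```
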
See the
[`pgcrypto` documentation](http://www.postgresql.org/docs/current/static/pgcrypto.html)
for more details.