Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u1gWC-006OrR-N3 for pgsql-hackers@arkaria.postgresql.org; Mon, 07 Apr 2025 07:03:41 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u1gWA-00C8jc-Qy for pgsql-hackers@arkaria.postgresql.org; Mon, 07 Apr 2025 07:03:39 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u1gWA-00C8iD-Fg for pgsql-hackers@lists.postgresql.org; Mon, 07 Apr 2025 07:03:38 +0000 Received: from dd48506.kasserver.com ([85.13.164.188]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1u1gW8-003QE8-0U for pgsql-hackers@postgresql.org; Mon, 07 Apr 2025 07:03:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oopsware.de; s=kas202503021101; t=1744009412; bh=T5OqypZ+Rs2lGMrljc98MB6M5TR+7TUuoX+Z6eV6m7I=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=yX3UGkEBqSFvd1n97gkl/XLg+e5PfW+OcbEGtonRQzw4/3hves7rBWsnB6Yq1Gr10 KfVKlp/uDcuIa7YiMIzUtSYu4xjvYXI2keiK7nAAsq54AnvwQUuTEo9F7E4/w/cgHp KPXberERf4iItIvnqZCCZh2wKaWTSFpvxrDKuOxY+1pS5f1qL/ljrBNjkPBbgxcpkc PlDfgKJZKDSY0ZdXEvsQn9ldzEtBoCDnEouza6VUSQhG0rN0IpCXXTlBGOyvRlXbw7 ZGTvcOXyPNzYn97+X1hT8Pw5waroJql90WAzUK4q0N7lPMgX8HpkI2OnnsLw6sq9tu xhRYziXIdV2tg== Received: from sethos.at.struktu.ro (sethos.at.struktu.ro [46.4.183.126]) by dd48506.kasserver.com (Postfix) with ESMTPSA id 8EE828661301; Mon, 7 Apr 2025 09:03:32 +0200 (CEST) Received: from [192.168.1.186] (i5C75098A.versanet.de [92.117.9.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sethos.at.struktu.ro (Postfix) with ESMTPSA id 7CC1841F892F; Mon, 7 Apr 2025 09:03:31 +0200 (CEST) Message-ID: <55cc06ae36d662ae36a39ec68da005ad63f95084.camel@oopsware.de> Subject: Re: Modern SHA2- based password hashes for pgcrypto From: Bernd Helmle To: Tom Lane , Alvaro Herrera Cc: Japin Li , PostgreSQL Development Date: Mon, 07 Apr 2025 09:03:30 +0200 In-Reply-To: <2977905.1743968616@sss.pgh.pa.us> References: <202504051722.3jv3ashzaibd@alvherre.pgsql> <2977905.1743968616@sss.pgh.pa.us> Autocrypt: addr=mailings@oopsware.de; prefer-encrypt=mutual; keydata=mQGiBEIM4dYRBACEnxQZ/CfR1xbCJzGOIjvh3fZpLALMm+tt237QlZm9nlLaEwCn317sT 1khPAJwhyBHSHbNFbH+LOL6ezYrg4V2Q9KHyYJDStJtC8c+D7vHVB5Jfslynx89DnCH6jb3H0j+U0 iNYmRmT18PWTZhD5RuXT+Toyz/0hH4YnJzha4VUwCggikXRuhIQ0KIzrps7/PsvasTPjUD/1aoEHR wVyk2C2hXh6GWJYq+1l+sB2d0TOnFJf2xy3Xo03Hi+BEJJdYGqJKqzd0KfsFyJYhO2GIGScSEj1hs TqAiY8OZeRqRGHe69OQEguUSVXp/jPaqU8fel8dbDDMnXkgULq8oO4T9e4GJSFqIvrlx0sJqSMFdi ihV+xCzDS40BACBrTq9tyXmyxJWzQ1/0Hx9S4sU+yeR8ztZH9xgWi1wksfHpEgZBdAkQynlI80/bC tgxfVu+LKgxeqGfMSnT9t8agpr1IGcmSbDntbn/K+3EmCze0jq8EQrZHJWiwCqraM8mnmILSEl5zn aoVoBIF062b60zZicuNeYaVgEKSHfirQgQmVybmQgSGVsbWxlIDxiZXJuZEBvb3Bzd2FyZS5kZT6I XgQTEQIAHgUCQhyP2gIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRBRdc2OhdlKzMm4AJ9mW1np2 RXi66WzEvcIanaJkDT+xgCfZmXG/Sziz5FchI3OjXfXDZfwnNm0J0Jlcm5kIEhlbG1sZSA8YmVybm QuaGVsbWxlQG9vcHN3YXJlLmRlPoheBBMRAgAeBQJCDOHWAhsDBgsJCAcDAgMVAgMDFgIBAh4BAhe AAAoJEFF1zY6F2UrMWZgAn3MVwDBzRS5dZu1yjx7WU3E3JSheAJ41CUYMIkX/oYfWssUVYnOuedgn 8LQlQmVybmQgSGVsbWxlIDxiaEBzY2huYWVwcGNoZW5qYWdkLmRlPoheBBMRAgAeBQJCHI+pAhsDB gsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEFF1zY6F2UrMYMUAn0rk8fEEY2tHGSUD7PNbk+Fwkd7MAJ 4wMfOerrvsKTrB9xmFnZ2ZUy67w7QjQmVybmQgSGVsbWxlIDxtYWlsaW5nc0Bvb3Bzd2FyZS5kZT6 IXgQTEQIAHgUCQhyPxgIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRBRdc2OhdlKzOhrAJ4w+A3H cjTJb54lUDpyyQu6Y5dlVQCeJCFKygOVbpn4HSp4Z+R6+s4Rul60J0Jlcm5kIEhlbG1sZSA8YmVyb mQuaGVsbWxlQGN5YmVydGVjLmF0Poh4BBMRAgA4FiEEcLVWcrwQIdBqHtvMUXXNjoXZSswFAmDe1D kCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQUXXNjoXZSszs9QCfbbpKT0/Mh4PhfS6rRbm NNQC1zS8An2x1PLHPS6649DRkiYOMWTXzAlSE Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.54.3 (3.54.3-1.fc41) MIME-Version: 1.0 X-Spamd-Bar: / List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Am Sonntag, dem 06.04.2025 um 15:43 -0400 schrieb Tom Lane: > What this is on about is that portable use of isalpha() or isdigit() > requires casting a "char" value to "unsigned char".=C2=A0 I was about to > make that simple change when I started to question if we actually > want to be using here at all.=C2=A0 Do you REALLY intend that > any random non-ASCII letter is okay to include in the decoded_salt? > Are you okay with that filter being locale-dependent? >=20 > I'd be more comfortable with a check like >=20 > if (strchr("...valid chars...", *ep) !=3D NULL) >=20 Hmm, the idea was to allow a wider range of letters for the salt. This came from my experiments that openssl allows more than just the ones from _crypt_itoa64. But after reading this, i realized even isalpha() isn't enough, since e.g. mulitbyte character wouldn't work anyways, like openssl allows: echo -n password | openssl passwd -5 -salt =C3=84=C3=96=C3=9C -stdin $5$=C3=84=C3=96=C3=9C$NduBUgCdzvnW1lW8EMxW9DuxN6HmT0niS7H4ftRxuX0 So we would have to test for these cases, too. I looked again into pyhon's passlib, and they don't accept any non-ASCII fancy characters, neither. So i think Tom has a point, we can restrict this to the characters from _crypt_itoa64 and go that route. I am not sure about externally generated hashes which are going to be stored in postgres and validated later there. This can restrict the use case perhaps. > It looks like "_crypt_itoa64" might be directly usable as the > valid-chars string, too.=C2=A0 (BTW, why is _crypt_itoa64 not > marked const?) That's an oversight by me. I can create a patch with the fixes (and the one Andres' reported) for today. Thanks Bernd