Salt And Hash A Password With pgcrypto
The pgcrypto
extension that ships with PostgreSQL can be used to do a number of interesting things. This includes functions for doing salted password hashing. Using the crypt
and gen_salt
functions, we can securely store a user password and later compare it to plain-text passwords for authentication purposes.
create extension pgcrypto;
select crypt('pa$$w0rd', gen_salt('bf'));
crypt
--------------------------------------------------------------
$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K
> select (
'$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K' =
crypt(
'pa$$w0rd',
'$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K'
)
) as matched;
matched
---------
t
> select (
'$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K' =
crypt(
'password',
'$2a$06$Z7wmrkYMOyLboLcULUYzNe6nHUcWywSZTt6nSrT5Xdv/VLdJ4g99K'
)
) as matched;
matched
---------
f
The salt value is generated using the blowfish encryption algorithm (hence, the 'bf'
). There is support for other algorithms such as md5
.
See the pgcrypt
documentation for more details.
Last updated
Was this helpful?