I read that there are datatypes which do encryption so passwords are secured in your database.
I use at the moment varchar to store passwords. I have had the idea that I should somehow apply a SHA-512 function to the password and put that data somewhere such that the plain text password is removed.
However, the datatype in Perl suggests to me that there is a better way in PostgreSQL than varchar.
What is the datatype for a password in PostgreSQL?
NIST (in the U.S.) recommends SHA-256 or higher. Since a hashing algorithm always produces a value of fixed length, you will need 256 bits to store a SHA-256 hashed password.
MySQL server uses the PASSWORD function to encrypt MySQL passwords for storage in the Password column of the user grant table. The value returned by the PASSWORD function is a hashed string, or NULL if the argument was NULL. The PASSWORD function accepts one parameter which is the string to be encrypted.
Login and Connect as Default User

For most systems, the default Postgres user is postgres and a password is not required for authentication. Thus, to add a password, we must first log in and connect as the postgres user.
When creating a new user, we can use the crypt function to hash the password (pgcrypto's crypt produces a salted hash, not reversible encryption):

INSERT INTO users (email, password)
VALUES ('[email protected]', crypt('johnspassword', gen_salt('bf')));

The crypt function accepts two arguments: the password to hash.
Jeff has a good article titled You're Probably Storing Passwords Incorrectly. This article discusses various ways of storing passwords in databases, and some of the common pitfalls that you may run into. In particular, it discusses the use of hashing algorithms, rainbow tables, and the use of "salt" to reduce the risk of a compromised password file.
The use of the varchar data type is perfectly suitable for storing a properly hashed password. For example, here is part of my actual account record from a production database:
=> select account_id, email, salt, passhash from account where email = '[email protected]';
 account_id |      email       |       salt       |                 passhash
------------+------------------+------------------+------------------------------------------
          1 | [email protected] | GFR9uT4N4Tzl3vnK | 2c2bf00079a6d49a8f7fb17cefb52fdb41a4b043
(1 row)
In this case, passhash is the hex representation of the SHA-1 of the salt concatenated with my password.
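The store-then-verify pattern behind both the pgcrypto crypt/gen_salt snippet above and the salt + passhash columns in the answer, as an added example that is not part of the original question or answer. It assumes no PostgreSQL server is available, so it uses an in-memory SQLite table with a plain VARCHAR column in place of the account table, and Python's standard hashlib PBKDF2 in place of pgcrypto's crypt; the column names, iteration count, salt length and the sample account are all constructed for the example. The point it demonstrates is that the database column only ever holds a salted, iterated hash in text form, and that verification re-derives the hash from the stored salt and compares it in constant time.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Constructed parameters for this example (not from the original page).
ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000   # work factor; raise it as hardware gets faster
SALT_BYTES = 16        # 128-bit random salt per password


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted, iterated hash and return it as a self-describing
    text string: 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.

    A fresh random salt per account means two users with the same password
    get different stored values, which defeats precomputed lookup tables.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash using the salt and iteration count recorded in
    the stored string, then compare in constant time."""
    try:
        algo, iter_s, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iter_s)
    except ValueError:
        return False          # malformed record: never authenticate
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return hmac.compare_digest(digest.hex(), hash_hex)


# Precomputed once so a lookup for an unknown email costs the same as a real
# verification (the response time then does not reveal which emails exist).
DUMMY_HASH = hash_password("dummy")


def open_db() -> sqlite3.Connection:
    """In-memory database with a plain VARCHAR column for the hash,
    standing in for a PostgreSQL account table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE account (
            account_id INTEGER PRIMARY KEY,
            email      VARCHAR(254) NOT NULL UNIQUE,
            passhash   VARCHAR(255) NOT NULL
        )""")
    return conn


def create_account(conn: sqlite3.Connection, email: str, password: str) -> None:
    """Store only the hash; the plaintext never reaches the database."""
    conn.execute("INSERT INTO account (email, passhash) VALUES (?, ?)",
                 (email, hash_password(password)))


def authenticate(conn: sqlite3.Connection, email: str, password: str) -> bool:
    """Look up the stored hash for the email and verify the candidate
    password against it. An unknown email fails like a wrong password."""
    row = conn.execute("SELECT passhash FROM account WHERE email = ?",
                       (email,)).fetchone()
    if row is None:
        verify_password(password, DUMMY_HASH)
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    db = open_db()
    create_account(db, "john@example.com", "johnspassword")  # constructed sample
    print(db.execute("SELECT email, passhash FROM account").fetchone())
    print("correct password:", authenticate(db, "john@example.com", "johnspassword"))
    print("wrong password:  ", authenticate(db, "john@example.com", "guess"))
```

The stored string is under 120 characters, so it fits comfortably in a varchar column; recording the algorithm name and iteration count alongside the salt is what lets you raise the work factor later and re-hash accounts on their next successful login without a schema change.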