Обсуждение: encrypted field
Hello, How can I crypt the field of a table? This field will contain secret data, I need therefore to crypt this field to avoid those data to be stored on the disk unprotected. Where can I found documentation on this topic? Thanks Greg __________________________________________________ Do You Yahoo!? Bid and sell for free at http://auctions.yahoo.com
** Sorry folks.. before anyone flames me: this is not a "stupid C trigger", it
is only a "stupid C *function*".. ;-) Since I am implementing a couple of
triggers, I have this word in my mind.. you know? Sorry...
So you do: s/trigger/function/g below, okay? ;-)
**
Hello Greg,
I've created a stupid little C trigger that is kinda like MySQL's "encrypt"
function. I use it to store passwords in the UNIX crypt format.
Here's the encrypt.c:
--------------------------------------------------------
/*
*
* Henrique Pantarotto (scanner@cepa.com.br)
* Funcao para encriptar senhas (Function to encrypt passwords)
* September 1999
*
* Create trigger like this:
* create function encrypt(text) returns text as
* '/usr/local/pgsql/hpmail/encrypt.so' language 'c';
*
*/
#include <stdio.h>
#include <strings.h>
#include <unistd.h>
#include <postgres.h>
#include <utils/builtins.h>
text *encrypt (text *user);
text *encrypt(text *user)
{
char *password;
password = crypt(textout(user), "HP");
return textin(password);
}
----------------------------------------------------------
Compile using something like this:
1: gcc -I/down/postgresql-6.5.1/src/include -I$/down/postgresql-6.5.1/src/backend -O2 -Wall -Wmissing-prototypes -fpic
-I/down/postgresql-6.5.1/src/include-c -o encrypt.o encrypt.c
2: gcc -shared -o encrypt.so encrypt.o
(my postgres sources are in /down/postgresql-6.5.1, you'll need to change this
path)
And last, you create the trigger in PostgreSQL using this:
create function encrypt(text) returns text as '/usr/local/pgsql/encrypt.so' language 'c';
If everything is okay, you'll probably have: select encrypt('secret') working
and showing:
encrypt
------------
HPK1Jt2NX21G.
(1 row)
blabla=>
PS: Note that all crypted passwords are created with salt "HP" (my name
initials..) You can change that, or if you know C, you can do in a way that it
will pick two random characters (the way it should really be).
I'm no experience C programmer, nor an experienced PostgreSQL user, so maybe
there's a smarter way to do this same thing.. (there might be even a built in
function that I don't know).
Good luck and regards from Brazil,
Henrique Pantarotto
Sao Paulo, SP - Brasil
scanner@cepa.com.br
On sex, 17 set 1999, Gregoire Pichon wrote:
> Hello,
>
> How can I crypt the field of a table?
> This field will contain secret data, I need therefore
> to crypt this field to avoid those data to be stored
> on the disk unprotected.
>
> Where can I found documentation on this topic?
>
> Thanks
> Greg
>
> __________________________________________________
> Do You Yahoo!?
> Bid and sell for free at http://auctions.yahoo.com
>
> ************
--
Henrique Pantarotto
CEPAnet Internet Provider
webmaster / analista de sistemas
Email: scanner@cepa.com.br
Tel: (011) 5506-8477
Cel: (011) 9706-3444
LINUX FRIEND
** Sorry folks.. before anyone flames me: this is not a "stupid C trigger", it
is only a "stupid C *function*".. ;-) Since I am implementing a couple of
triggers, I have this word in my mind.. you know? Sorry...
So you do: s/trigger/function/g below, okay? ;-)
**
Hello Greg,
I've created a stupid little C trigger that is kinda like MySQL's "encrypt"
function. I use it to store passwords in the UNIX crypt format.
Here's the encrypt.c:
--------------------------------------------------------
/*
*
* Henrique Pantarotto (scanner@cepa.com.br)
* Funcao para encriptar senhas (Function to encrypt passwords)
* September 1999
*
* Create trigger like this:
* create function encrypt(text) returns text as
* '/usr/local/pgsql/hpmail/encrypt.so' language 'c';
*
*/
#include <stdio.h>
#include <strings.h>
#include <unistd.h>
#include <postgres.h>
#include <utils/builtins.h>
text *encrypt (text *user);
text *encrypt(text *user)
{
char *password;
password = crypt(textout(user), "HP");
return textin(password);
}
----------------------------------------------------------
Compile using something like this:
1: gcc -I/down/postgresql-6.5.1/src/include -I$/down/postgresql-6.5.1/src/backend -O2 -Wall -Wmissing-prototypes -fpic
-I/down/postgresql-6.5.1/src/include-c -o encrypt.o encrypt.c
2: gcc -shared -o encrypt.so encrypt.o
(my postgres sources are in /down/postgresql-6.5.1, you'll need to change this
path)
And last, you create the trigger in PostgreSQL using this:
create function encrypt(text) returns text as '/usr/local/pgsql/encrypt.so' language 'c';
If everything is okay, you'll probably have: select encrypt('secret') working
and showing:
encrypt
------------
HPK1Jt2NX21G.
(1 row)
blabla=>
PS: Note that all crypted passwords are created with salt "HP" (my name
initials..) You can change that, or if you know C, you can do in a way that it
will pick two random characters (the way it should really be).
I'm no experience C programmer, nor an experienced PostgreSQL user, so maybe
there's a smarter way to do this same thing.. (there might be even a built in
function that I don't know).
Good luck and regards from Brazil,
Henrique Pantarotto
Sao Paulo, SP - Brasil
scanner@cepa.com.br
On sex, 17 set 1999, Gregoire Pichon wrote:
> Hello,
>
> How can I crypt the field of a table?
> This field will contain secret data, I need therefore
> to crypt this field to avoid those data to be stored
> on the disk unprotected.
>
> Where can I found documentation on this topic?
>
> Thanks
> Greg
>
> __________________________________________________
> Do You Yahoo!?
> Bid and sell for free at http://auctions.yahoo.com
>
> ************
--
Henrique Pantarotto
CEPAnet Internet Provider
webmaster / analista de sistemas
Email: scanner@cepa.com.br
Tel: (011) 5506-8477
Cel: (011) 9706-3444
LINUX FRIEND
On Fri, Sep 17, 1999 at 09:03:58AM -0300, Henrique Pantarotto wrote:
<snipped Henrique's crypt function>
> PS: Note that all crypted passwords are created with salt "HP" (my name
> initials..) You can change that, or if you know C, you can do in a way that it
> will pick two random characters (the way it should really be).
I've got a similar function, just a generation later. Note that I don't
remember what trigger code I used the framework from. Apparently, (from
looking at Henrique's code) there are some text convenience functions
I don't know about: I did all the memory allocation explictly (i.e. the
hard way). I also ran into a 'gotcha': crypt expects zero terminated
strings, pg text type is a counted string. Took me too long to find the
problem, since from pgsql, I seemed to get a new (zeroed) buffer, most of
the time. So there might be lots of extra bzero()s and memcpy()s in the
following. If anyone has any suggestions for improvments, I'm all ears!
I compiled it as so:
cc -shared -I /usr/include/postgresql/ -o sqlcrypt.so sqlcrypt.c
And created the functions as described in the comments in the file.
This gives you two functions, sqlcrypt(text) and sqlcrypt(text,text)
The first form will pick a random salt, the second uses a given salt. I
use them from some web-based middleware, which has no crypt() function
(ColdFusion), as so:
with a table:
logins (userid serial, password char(13), username text)
SELECT userid FROM logins WHERE
username= '#name_entered#' and
password=sqlcrypt('#pass_entered#',substr(password,1,2))
--------------------------8<----------------------------------------
/* sqlcrypt functions: wrapper around standard unix crypt call.
* Copyright 1999, Ross J. Reedstrom (reedstrm@rice.edu)
* I hereby place this code under the same copyright restrictions as
* PostgreSQL.
*/
#define _XOPEN_SOURCE
#include <postgres.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <sys/time.h>
text *sqlcrypt(text *key, text *salt);
/*
* Create functions:
*
* sql create function sqlcrypt(text,text) returns text
* as 'DESTLIB' language 'c'*/
* sql create function sqlcrypt(text) returns text
* as 'select sqlcrypt($1,'''')' language 'SQL'
*
*/
char *crypt(const char *key, const char *salt);
int rand(void);
void srand(unsigned int seed);
text *sqlcrypt(text *key, text *salt)
{
text *ret;
char pass[] = "123456789";
char s[] = "...";
char salts[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
/* as per crypt(3): [a-zA-Z0-9./] */
int j,k;
struct timeval tv;
s[2]=0;
bzero(pass,9);
/* test for not-valid salt: if not, pick randomly. I'm only testing
size, should also make sure the first two characters are in the valid
set. Anyone have a better way to get a pseudo random number? I brought
in gettimeofday to seed rand*/
if ((VARSIZE(salt)-VARHDRSZ) < 2)
{
gettimeofday(&tv,0);
srand((unsigned int)(tv.tv_usec));
s[0]=salts[(rand() % 64)];
s[1]=salts[(rand() % 64)];
}
else
{
memcpy(s,VARDATA(salt),2);
}
ret = palloc(VARHDRSZ + 13);
bzero(ret,VARHDRSZ + 13);
VARSIZE(ret) = (VARHDRSZ + 13);
/* don't copy any garbage from the input, but only get the first eight */
if ((VARSIZE(key)-VARHDRSZ) < 8)
{
memcpy(pass,VARDATA(key),VARSIZE(key)-VARHDRSZ);
}
else
{
memcpy(pass,VARDATA(key),8) ;
}
memcpy(VARDATA(ret), crypt(pass,s),13);
return ret;
}
--------------------------8<----------------------------------------
>
> I'm no experience C programmer, nor an experienced PostgreSQL user, so maybe
> there's a smarter way to do this same thing.. (there might be even a built in
> function that I don't know).
>
Ditto for me: again, anyone have any improvements, let me know, my users will
thank you, if only they knew...
Ross
--
Ross J. Reedstrom, Ph.D., <reedstrm@rice.edu>
NSBRI Research Scientist/Programmer
Computer and Information Technology Institute
Rice University, 6100 S. Main St., Houston, TX 77005
> > PS: Note that all crypted passwords are created with salt "HP" (my name > > initials..) You can change that, or if you know C, you can do in a way that it > > will pick two random characters (the way it should really be). One quick remark: if you are serious about using hash (not encryption, strictly speaking) as a protection: having a *random* salt is an important part of using crypt(). "Static salt" (sounds weird, huh) reduces the strength of the algorithm a lot. > I also ran into a 'gotcha': crypt expects zero terminated > strings, pg text type is a counted string. > [...] anyone have any improvements, let me know To avoid this "gotcha" and at the same time provide quality "hash", you may want to look into functions like MD5 or SHA-1 which will accept anything as input (a bit stream!) and generate a fixed-length, ASCII-text result. Stéphane PS: I have a working implementation of SHA-1 in C, if someone has the time / experience / need to write a wrapper for pgsql... ;)
> > PS: Note that all crypted passwords are created with salt "HP" (my name > > initials..) You can change that, or if you know C, you can do in a way that it > > will pick two random characters (the way it should really be). One quick remark: if you are serious about using hash (not encryption, strictly speaking) as a protection: having a *random* salt is an important part of using crypt(). "Static salt" (sounds weird, huh) reduces the strength of the algorithm a lot. > I also ran into a 'gotcha': crypt expects zero terminated > strings, pg text type is a counted string. > [...] anyone have any improvements, let me know To avoid this "gotcha" and at the same time provide quality "hash", you may want to look into functions like MD5 or SHA-1 which will accept anything as input (a bit stream!) and generate a fixed-length, ASCII-text result. Stéphane PS: I have a working implementation of SHA-1 in C, if someone has the time / experience / need to write a wrapper for pgsql... ;)
This message was cancelled from within Mozilla.
> > PS: Note that all crypted passwords are created with salt "HP" (my name > > initials..) You can change that, or if you know C, you can do in a way that it > > will pick two random characters (the way it should really be). One quick remark: if you are serious about using hash (not encryption, strictly speaking) as a protection: having a *random* salt is an important part of using crypt(). "Static salt" (sounds weird, huh) reduces the strength of the algorithm a lot. > I also ran into a 'gotcha': crypt expects zero terminated > strings, pg text type is a counted string. > [...] anyone have any improvements, let me know To avoid this "gotcha" and at the same time provide quality "hash", you may want to look into functions like MD5 or SHA-1 which will accept anything as input (a bit stream!) and generate a fixed-length, ASCII-text result. Stéphane PS: I have a working implementation of SHA-1 in C, if someone has the time / experience / need to write a wrapper for pgsql... ;)