pg_pwhash : Advanced password hashing methods for PostgreSQL
Overview
| ID | Extension | Package | Version | Category | License | Language |
|---|---|---|---|---|---|---|
| 7330 | pg_pwhash | pg_pwhash | 1.0 | SEC | MIT | C |
| Attribute | Has Binary | Has Library | Need Load | Has DDL | Relocatable | Trusted |
|---|---|---|---|---|---|---|
| --s-d-r | No | Yes | No | Yes | yes | no |

The RPM metadata shows license=PostgreSQL, but the packaged LICENSE file is MIT.
Packages
| Type | Repo | Version | PG Major Compatibility | Package Pattern | Dependencies |
|---|---|---|---|---|---|
| EXT | PGDG | 1.0 | 18 17 16 15 14 | pg_pwhash | - |
| RPM | PGDG | 1.0 | 18 17 16 15 14 | pg_pwhash_$v | - |
| DEB | PGDG | 1.0 | 18 17 16 15 14 | postgresql-$v-pg-pwhash | - |
| Linux / PG | PG18 | PG17 | PG16 | PG15 | PG14 |
|---|---|---|---|---|---|
| el8.x86_64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| el8.aarch64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| el9.x86_64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| el9.aarch64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| el10.x86_64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| el10.aarch64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| d12.x86_64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| d12.aarch64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| d13.x86_64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| d13.aarch64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| u22.x86_64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| u22.aarch64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| u24.x86_64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
| u24.aarch64 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 | PGDG 1.0 |
Source
Install
Make sure the PGDG repo is available:

```bash
pig repo add pgdg -u # add pgdg repo and update cache
```

Install this extension with pig:

```bash
pig install pg_pwhash; # install via package name, for the active PG version
pig install pg_pwhash -v 18; # install for PG 18
pig install pg_pwhash -v 17; # install for PG 17
pig install pg_pwhash -v 16; # install for PG 16
pig install pg_pwhash -v 15; # install for PG 15
pig install pg_pwhash -v 14; # install for PG 14
```

Create this extension with:

```sql
CREATE EXTENSION pg_pwhash;
```

Usage
pg_pwhash provides modern adaptive password hashing algorithms including Argon2, scrypt, and yescrypt for PostgreSQL.

```sql
CREATE EXTENSION pg_pwhash;
```

Supported Algorithms
| Identifier | Algorithm | Salt Pattern |
|---|---|---|
| `argon2i` | Argon2i | `$argon2i$v=19$m=4096,t=3,p=1$<salt>` |
| `argon2d` | Argon2d | `$argon2d$v=19$m=4096,t=3,p=1$<salt>` |
| `argon2id` | Argon2id | `$argon2id$v=19$m=4096,t=3,p=1$<salt>` |
| `scrypt` | Scrypt | `$scrypt$ln=16,r=8,p=1$<salt>` |
| `$7$` | Scrypt (crypt) | `$7$BU<salt>` |
| `yescrypt` | yescrypt (crypt) | `$y$j9T$<salt>` |
Core Functions
Generate Salt and Hash

```sql
-- Argon2id (recommended)
SELECT pwhash_crypt('password', pwhash_gen_salt('argon2id'));
-- $argon2id$v=19$m=4096,t=3,p=1$<salt>$<hash>
-- Scrypt
SELECT pwhash_crypt('password', pwhash_gen_salt('scrypt'));
-- Yescrypt
SELECT pwhash_crypt('password', pwhash_gen_salt('yescrypt'));
```

Verify Password

```sql
-- Hash matches if output equals stored hash
SELECT stored_hash = pwhash_crypt('entered_password', stored_hash) AS valid;
```

Direct Hashing Functions

```sql
SELECT pwhash_argon2('password', pwhash_gen_salt('argon2id'));
SELECT pwhash_scrypt('password', pwhash_gen_salt('scrypt'));
SELECT pwhash_yescrypt_crypt('password', pwhash_gen_salt('yescrypt'));
```

Custom Salt Parameters

```sql
-- Argon2 with custom memory/time/parallelism
SELECT pwhash_gen_salt('argon2id', 'm=65536', 't=4', 'p=2');
-- Scrypt with custom parameters
SELECT pwhash_gen_salt('scrypt', 'ln=20', 'r=8', 'p=1');
```

Configuration
| Parameter | Description |
|---|---|
| `pg_pwhash.argon2_default_backend` | Backend for Argon2: `libargon2` or `openssl` |
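
The hash, verify and custom-parameter calls from the Usage section, combined into a login check that re-hashes on success when the stored hash was made with a different algorithm or parameters. This is an added example, not code from the pg_pwhash project; the `app_user` table and `check_password` function are hypothetical names, and it assumes the `$`-separated Argon2 field layout shown in the Supported Algorithms table.

```sql
-- Added example; app_user and check_password are hypothetical names.
CREATE EXTENSION IF NOT EXISTS pg_pwhash;

CREATE TABLE app_user (
    username text PRIMARY KEY,
    pw_hash  text NOT NULL
);

-- Registration with the default Argon2id salt pattern (constructed sample password).
INSERT INTO app_user (username, pw_hash)
VALUES ('alice', pwhash_crypt('constructed-sample-password', pwhash_gen_salt('argon2id')));

CREATE FUNCTION check_password(p_user text, p_password text)
RETURNS boolean LANGUAGE plpgsql AS $fn$
DECLARE
    v_stored text;
    -- Current policy: a fresh salt string carrying the target parameters.
    v_fresh  text := pwhash_gen_salt('argon2id', 'm=65536', 't=4', 'p=2');
BEGIN
    SELECT pw_hash INTO v_stored FROM app_user WHERE username = p_user;
    IF NOT FOUND THEN
        -- An unknown username still costs one hash computation.
        PERFORM pwhash_crypt(p_password, v_fresh);
        RETURN false;
    END IF;

    -- IS DISTINCT FROM counts a NULL result as a mismatch; with a plain <>
    -- the condition would be NULL and the IF branch would be skipped.
    IF v_stored IS DISTINCT FROM pwhash_crypt(p_password, v_stored) THEN
        RETURN false;
    END IF;

    -- Split on '$': field 2 is the algorithm, field 4 the Argon2 parameters.
    -- Re-hash with the policy salt when either differs from the stored hash.
    IF split_part(v_stored, '$', 2) <> split_part(v_fresh, '$', 2)
       OR split_part(v_stored, '$', 4) <> split_part(v_fresh, '$', 4) THEN
        UPDATE app_user SET pw_hash = pwhash_crypt(p_password, v_fresh)
        WHERE username = p_user;
    END IF;
    RETURN true;
END;
$fn$;

-- A successful login triggers the re-hash; inspect the stored string afterwards.
SELECT check_password('alice', 'constructed-sample-password');
SELECT pw_hash FROM app_user WHERE username = 'alice';
```

The plaintext password reaches the server inside the statement, so pass it as a bind parameter and review statement logging (`log_statement`, `log_min_duration_statement`) wherever this pattern is used.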