PostgreSQL is a pretty cool database, and it even has functions for encryption. So if you write a user database, you don't need to use crypto functions from your programming language to hash your passwords. You can use PostgreSQL functions directly!
Before we can do this, we have to install the required PostgreSQL extensions:
apt-get install postgresql-contrib-9.4
And then activate the extension (I'll use my database "columbo" here):
postgres@tardis:~$ psql -d columbo
columbo=# create extension pgcrypto;
CREATE EXTENSION
columbo=# select * from engineer;
 id | username | password
----+----------+----------
  2 | pfalk    | dog
columbo=# update engineer set password = crypt('dog', gen_salt('bf')) WHERE id=2;
UPDATE 1
columbo=# select * from engineer;
 id | username |                           password
----+----------+--------------------------------------------------------------
  2 | pfalk    | $2a$06$v/HdMyli9DOhlxAsqoCQAOvapOX7k7vbQ/2ZN9A5ORLSCOk1ZWMzK
columbo=# select * from engineer WHERE password = crypt('dog',password);
 id | username |                           password
----+----------+--------------------------------------------------------------
  2 | pfalk    | $2a$06$v/HdMyli9DOhlxAsqoCQAOvapOX7k7vbQ/2ZN9A5ORLSCOk1ZWMzK
That's how we created a hashed password with a generated salt (using Blowfish) using the PostgreSQL crypto functions.
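The "$2a$06$" prefix in the stored value shows that gen_salt('bf') used its default cost of 6. The following is an added example, not part of the original post, showing the same crypt()/gen_salt() calls with an explicit higher cost, a login check that never returns the hash to the client, and an in-place upgrade of a low-cost hash. The table engineer_demo, the function check_login and the cost value 12 are assumptions chosen for illustration.

```sql
-- Added example: engineer_demo and check_login are hypothetical names.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

DROP TABLE IF EXISTS engineer_demo;
CREATE TABLE engineer_demo (
    id       serial PRIMARY KEY,
    username text NOT NULL UNIQUE,
    password text NOT NULL          -- bcrypt hash only, never the plaintext
);

-- Legacy row hashed as in the post: default bf cost (6).
INSERT INTO engineer_demo (username, password)
VALUES ('pfalk', crypt('dog', gen_salt('bf')));

-- Login check: crypt() re-hashes the candidate with the salt and cost
-- embedded in the stored value; only a boolean leaves the database.
CREATE OR REPLACE FUNCTION check_login(p_user text, p_pass text)
RETURNS boolean
LANGUAGE sql STABLE AS $$
    SELECT EXISTS (
        SELECT 1
        FROM engineer_demo
        WHERE username = p_user
          AND password = crypt(p_pass, password)
    );
$$;

SELECT check_login('pfalk', 'dog') AS correct_password,
       check_login('pfalk', 'cat') AS wrong_password;

-- Upgrade on successful login: re-hash with cost 12 (assumed target;
-- gen_salt('bf', n) accepts 4..31) when the stored cost is lower.
-- Characters 5-6 of a bf hash hold the cost, e.g. '06' in '$2a$06$...'.
-- Assumes every row in the table is a bf hash.
UPDATE engineer_demo
SET    password = crypt('dog', gen_salt('bf', 12))
WHERE  username = 'pfalk'
  AND  password = crypt('dog', password)
  AND  substr(password, 5, 2)::int < 12;

-- Shows only the algorithm and cost prefix, not the full hash.
SELECT username, substr(password, 1, 7) AS hash_prefix
FROM   engineer_demo;
```

With database-side hashing the plaintext password travels inside the SQL statement, so it can end up in server logs when statement logging is enabled. Keep that in mind when choosing logging settings for a database that handles logins this way.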