pg_pwhash
Advanced password hashing methods for PostgreSQL
Overview
| Package | Version | Category | License | Language |
|---|---|---|---|---|
| pg_pwhash | 1.0 | SEC | MIT | C |
| ID | Extension | Bin | Lib | Load | Create | Trust | Reloc | Schema |
|---|---|---|---|---|---|---|---|---|
| 7330 | pg_pwhash | No | Yes | No | Yes | No | Yes | - |
RPM metadata shows license=PostgreSQL, but packaged LICENSE file is MIT
Version
| Type | Repo | Version | PG Ver | Package | Deps |
|---|---|---|---|---|---|
| EXT | PGDG | 1.0 | 18, 17, 16, 15, 14 | pg_pwhash | - |
| RPM | PGDG | 1.0 | 18, 17, 16, 15, 14 | pg_pwhash_$v | - |
| DEB | PGDG | 1.0 | 18, 17, 16, 15, 14 | postgresql-$v-pg-pwhash | - |
Install
You can install pg_pwhash directly. First, make sure the PGDG repository is added and enabled:
pig repo add pgdg -u # Add PGDG repo and update cache
Install the extension using pig or apt/yum/dnf:
pig install pg_pwhash; # Install for current active PG version
pig ext install -y pg_pwhash -v 18 # PG 18
pig ext install -y pg_pwhash -v 17 # PG 17
pig ext install -y pg_pwhash -v 16 # PG 16
pig ext install -y pg_pwhash -v 15 # PG 15
pig ext install -y pg_pwhash -v 14 # PG 14
dnf install -y pg_pwhash_18 # PG 18
dnf install -y pg_pwhash_17 # PG 17
dnf install -y pg_pwhash_16 # PG 16
dnf install -y pg_pwhash_15 # PG 15
dnf install -y pg_pwhash_14 # PG 14
apt install -y postgresql-18-pg-pwhash # PG 18
apt install -y postgresql-17-pg-pwhash # PG 17
apt install -y postgresql-16-pg-pwhash # PG 16
apt install -y postgresql-15-pg-pwhash # PG 15
apt install -y postgresql-14-pg-pwhash # PG 14
Create Extension:
CREATE EXTENSION pg_pwhash;
Usage
pg_pwhash provides modern adaptive password hashing algorithms including Argon2, scrypt, and yescrypt for PostgreSQL.
CREATE EXTENSION pg_pwhash;
Supported Algorithms
| Identifier | Algorithm | Salt Pattern |
|---|---|---|
| argon2i | Argon2i | $argon2i$v=19$m=4096,t=3,p=1$<salt> |
| argon2d | Argon2d | $argon2d$v=19$m=4096,t=3,p=1$<salt> |
| argon2id | Argon2id | $argon2id$v=19$m=4096,t=3,p=1$<salt> |
| scrypt | Scrypt | $scrypt$ln=16,r=8,p=1$<salt> |
| $7$ | Scrypt (crypt) | $7$BU<salt> |
| yescrypt | yescrypt (crypt) | $y$j9T$<salt> |
Core Functions
Generate Salt and Hash
-- Argon2id (recommended)
SELECT pwhash_crypt('password', pwhash_gen_salt('argon2id'));
-- $argon2id$v=19$m=4096,t=3,p=1$<salt>$<hash>
-- Scrypt
SELECT pwhash_crypt('password', pwhash_gen_salt('scrypt'));
-- Yescrypt
SELECT pwhash_crypt('password', pwhash_gen_salt('yescrypt'));
Verify Password
-- Hash matches if output equals stored hash
SELECT stored_hash = pwhash_crypt('entered_password', stored_hash) AS valid;
Direct Hashing Functions
SELECT pwhash_argon2('password', pwhash_gen_salt('argon2id'));
SELECT pwhash_scrypt('password', pwhash_gen_salt('scrypt'));
SELECT pwhash_yescrypt_crypt('password', pwhash_gen_salt('yescrypt'));
Custom Salt Parameters
-- Argon2 with custom memory/time/parallelism
SELECT pwhash_gen_salt('argon2id', 'm=65536', 't=4', 'p=2');
-- Scrypt with custom parameters
SELECT pwhash_gen_salt('scrypt', 'ln=20', 'r=8', 'p=1');
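The hashing, verification and custom-parameter calls above combined into a storage and audit workflow, as an added example that is not part of the pg_pwhash project. The table app_user, the functions set_password and check_password, and the m=65536 policy floor are assumptions made for illustration.

```sql
-- Added example: app_user, set_password, check_password and the
-- 65536 floor are hypothetical; only pwhash_crypt and pwhash_gen_salt
-- come from the extension.
CREATE TABLE app_user (
    username text PRIMARY KEY,
    pw_hash  text NOT NULL          -- full encoded hash, parameters and salt included
);

-- Hash with the custom Argon2id parameters shown above and store the result.
CREATE FUNCTION set_password(p_user text, p_password text) RETURNS void
LANGUAGE sql AS $$
    INSERT INTO app_user (username, pw_hash)
    VALUES (p_user,
            pwhash_crypt(p_password,
                         pwhash_gen_salt('argon2id', 'm=65536', 't=4', 'p=2')))
    ON CONFLICT (username) DO UPDATE SET pw_hash = EXCLUDED.pw_hash;
$$;

-- Recompute using the stored hash as the salt argument and compare.
-- COALESCE turns "no such user" (NULL) into false.
CREATE FUNCTION check_password(p_user text, p_password text) RETURNS boolean
LANGUAGE sql AS $$
    SELECT COALESCE(
        (SELECT pw_hash = pwhash_crypt(p_password, pw_hash)
           FROM app_user
          WHERE username = p_user),
        false);
$$;

SELECT set_password('alice', 'correct horse battery staple');
SELECT check_password('alice', 'correct horse battery staple') AS valid;
SELECT check_password('alice', 'wrong guess') AS valid;
SELECT check_password('nobody', 'anything') AS valid;

-- Audit: Argon2 hashes stored with a memory cost below the assumed floor.
-- Splitting '$argon2id$v=19$m=4096,t=3,p=1$<salt>$<hash>' on '$' puts the
-- algorithm in field 2 and the parameter list in field 4.
SELECT username,
       split_part(pw_hash, '$', 2) AS algorithm,
       substring(split_part(pw_hash, '$', 4) from 'm=(\d+)')::int AS m_cost
  FROM app_user
 WHERE pw_hash LIKE '$argon2%'
   AND substring(split_part(pw_hash, '$', 4) from 'm=(\d+)')::int < 65536;
```

Rows returned by the audit query can be upgraded by calling set_password again after the user's next successful check_password, since the plaintext is only available at login.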
Configuration
| Parameter | Description |
|---|---|
| pg_pwhash.argon2_default_backend | Backend for Argon2: libargon2 or openssl |