1
<!-- doc/src/sgml/pgcrypto.sgml -->
4
<title>pgcrypto</title>
6
<indexterm zone="pgcrypto">
7
<primary>pgcrypto</primary>
10
<indexterm zone="pgcrypto">
11
<primary>encryption</primary>
12
<secondary>for specific columns</secondary>
16
The <filename>pgcrypto</> module provides cryptographic functions for
17
<productname>PostgreSQL</>.
21
<title>General Hashing Functions</title>
24
<title><function>digest()</function></title>
27
digest(data text, type text) returns bytea
28
digest(data bytea, type text) returns bytea
32
Computes a binary hash of the given <parameter>data</>.
33
<parameter>type</> is the algorithm to use.
34
Standard algorithms are <literal>md5</literal>, <literal>sha1</literal>,
35
<literal>sha224</literal>, <literal>sha256</literal>,
36
<literal>sha384</literal> and <literal>sha512</literal>.
37
If <filename>pgcrypto</> was built with
38
OpenSSL, more algorithms are available, as detailed in
39
<xref linkend="pgcrypto-with-without-openssl">.
43
If you want the digest as a hexadecimal string, use
44
<function>encode()</> on the result. For example:
46
CREATE OR REPLACE FUNCTION sha1(bytea) returns text AS $$
47
SELECT encode(digest($1, 'sha1'), 'hex')
48
$$ LANGUAGE SQL STRICT IMMUTABLE;
54
<title><function>hmac()</function></title>
57
hmac(data text, key text, type text) returns bytea
58
hmac(data bytea, key text, type text) returns bytea
62
Calculates hashed MAC for <parameter>data</> with key <parameter>key</>.
63
<parameter>type</> is the same as in <function>digest()</>.
67
This is similar to <function>digest()</> but the hash can only be
68
recalculated knowing the key. This prevents the scenario of someone
69
altering data and also changing the hash to match.
73
If the key is larger than the hash block size it will first be hashed and
74
the result will be used as key.
80
<title>Password Hashing Functions</title>
83
The functions <function>crypt()</> and <function>gen_salt()</>
84
are specifically designed for hashing passwords.
85
<function>crypt()</> does the hashing and <function>gen_salt()</>
86
prepares algorithm parameters for it.
90
The algorithms in <function>crypt()</> differ from usual hashing algorithms
91
like MD5 or SHA1 in the following respects:
97
They are slow. As the amount of data is so small, this is the only
98
way to make brute-forcing passwords hard.
103
They use a random value, called the <firstterm>salt</>, so that users
104
having the same password will have different encrypted passwords.
105
This is also an additional defense against reversing the algorithm.
110
They include the algorithm type in the result, so passwords hashed with
111
different algorithms can co-exist.
116
Some of them are adaptive — that means when computers get
117
faster, you can tune the algorithm to be slower, without
118
introducing incompatibility with existing passwords.
124
<xref linkend="pgcrypto-crypt-algorithms"> lists the algorithms
125
supported by the <function>crypt()</function> function.
128
<table id="pgcrypto-crypt-algorithms">
129
<title>Supported Algorithms for <function>crypt()</></title>
133
<entry>Algorithm</entry>
134
<entry>Max Password Length</entry>
135
<entry>Adaptive?</entry>
136
<entry>Salt Bits</entry>
137
<entry>Description</entry>
142
<entry><literal>bf</></entry>
146
<entry>Blowfish-based, variant 2a</entry>
149
<entry><literal>md5</></entry>
150
<entry>unlimited</entry>
153
<entry>MD5-based crypt</entry>
156
<entry><literal>xdes</></entry>
160
<entry>Extended DES</entry>
163
<entry><literal>des</></entry>
167
<entry>Original UNIX crypt</entry>
174
<title><function>crypt()</></title>
177
crypt(password text, salt text) returns text
181
Calculates a crypt(3)-style hash of <parameter>password</>.
182
When storing a new password, you need to use
183
<function>gen_salt()</> to generate a new <parameter>salt</> value.
184
To check a password, pass the stored hash value as <parameter>salt</>,
185
and test whether the result matches the stored value.
188
Example of setting a new password:
190
UPDATE ... SET pswhash = crypt('new password', gen_salt('md5'));
194
Example of authentication:
196
SELECT pswhash = crypt('entered password', pswhash) FROM ... ;
198
This returns <literal>true</> if the entered password is correct.
203
<title><function>gen_salt()</></title>
206
gen_salt(type text [, iter_count integer ]) returns text
210
Generates a new random salt string for use in <function>crypt()</>.
211
The salt string also tells <function>crypt()</> which algorithm to use.
215
The <parameter>type</> parameter specifies the hashing algorithm.
216
The accepted types are: <literal>des</literal>, <literal>xdes</literal>,
217
<literal>md5</literal> and <literal>bf</literal>.
221
The <parameter>iter_count</> parameter lets the user specify the iteration
222
count, for algorithms that have one.
223
The higher the count, the more time it takes to hash
224
the password and therefore the more time to break it. Although with
225
too high a count the time to calculate a hash may be several years
226
— which is somewhat impractical. If the <parameter>iter_count</>
227
parameter is omitted, the default iteration count is used.
228
Allowed values for <parameter>iter_count</> depend on the algorithm and
229
are shown in <xref linkend="pgcrypto-icfc-table">.
232
<table id="pgcrypto-icfc-table">
233
<title>Iteration Counts for <function>crypt()</></title>
237
<entry>Algorithm</entry>
238
<entry>Default</entry>
245
<entry><literal>xdes</></entry>
248
<entry>16777215</entry>
251
<entry><literal>bf</></entry>
261
For <literal>xdes</literal> there is an additional limitation that the
262
iteration count must be an odd number.
266
To pick an appropriate iteration count, consider that
267
the original DES crypt was designed to have the speed of 4 hashes per
268
second on the hardware of that time.
269
Slower than 4 hashes per second would probably dampen usability.
270
Faster than 100 hashes per second is probably too fast.
274
<xref linkend="pgcrypto-hash-speed-table"> gives an overview of the relative slowness
275
of different hashing algorithms.
276
The table shows how much time it would take to try all
277
combinations of characters in an 8-character password, assuming
278
that the password contains either only lower case letters, or
279
upper- and lower-case letters and numbers.
280
In the <literal>crypt-bf</literal> entries, the number after a slash is
281
the <parameter>iter_count</parameter> parameter of
282
<function>gen_salt</function>.
285
<table id="pgcrypto-hash-speed-table">
286
<title>Hash Algorithm Speeds</title>
290
<entry>Algorithm</entry>
291
<entry>Hashes/sec</entry>
292
<entry>For <literal>[a-z]</></entry>
293
<entry>For <literal>[A-Za-z0-9]</></entry>
298
<entry><literal>crypt-bf/8</></entry>
300
<entry>246 years</entry>
301
<entry>251322 years</entry>
304
<entry><literal>crypt-bf/7</></entry>
306
<entry>121 years</entry>
307
<entry>123457 years</entry>
310
<entry><literal>crypt-bf/6</></entry>
312
<entry>62 years</entry>
313
<entry>62831 years</entry>
316
<entry><literal>crypt-bf/5</></entry>
318
<entry>33 years</entry>
319
<entry>33351 years</entry>
322
<entry><literal>crypt-md5</></entry>
324
<entry>2.6 years</entry>
325
<entry>2625 years</entry>
328
<entry><literal>crypt-des</></entry>
329
<entry>362837</entry>
330
<entry>7 days</entry>
331
<entry>19 years</entry>
334
<entry><literal>sha1</></entry>
335
<entry>590223</entry>
336
<entry>4 days</entry>
337
<entry>12 years</entry>
340
<entry><literal>md5</></entry>
341
<entry>2345086</entry>
343
<entry>3 years</entry>
356
The machine used is a 1.5GHz Pentium 4.
361
<literal>crypt-des</> and <literal>crypt-md5</> algorithm numbers are
362
taken from John the Ripper v1.6.38 <literal>-test</> output.
367
<literal>md5</> numbers are from mdcrack 1.2.
372
<literal>sha1</> numbers are from lcrack-20031130-beta.
377
<literal>crypt-bf</literal> numbers are taken using a simple program that
378
loops over 1000 8-character passwords. That way I can show the speed
379
with different numbers of iterations. For reference: <literal>john
380
-test</literal> shows 213 loops/sec for <literal>crypt-bf/5</>.
382
difference in results is in accordance with the fact that the
383
<literal>crypt-bf</literal> implementation in <filename>pgcrypto</>
384
is the same one used in John the Ripper.)
390
Note that <quote>try all combinations</quote> is not a realistic exercise.
391
Usually password cracking is done with the help of dictionaries, which
392
contain both regular words and various mutations of them. So, even
393
somewhat word-like passwords could be cracked much faster than the above
394
numbers suggest, while a 6-character non-word-like password may escape
401
<title>PGP Encryption Functions</title>
404
The functions here implement the encryption part of the OpenPGP (RFC 4880)
405
standard. Supported are both symmetric-key and public-key encryption.
409
An encrypted PGP message consists of 2 parts, or <firstterm>packets</>:
414
Packet containing a session key — either symmetric-key or public-key
420
Packet containing data encrypted with the session key.
426
When encrypting with a symmetric key (i.e., a password):
431
The given password is hashed using a String2Key (S2K) algorithm. This is
432
rather similar to <function>crypt()</> algorithms — purposefully
433
slow and with random salt — but it produces a full-length binary
439
If a separate session key is requested, a new random key will be
440
generated. Otherwise the S2K key will be used directly as the session
446
If the S2K key is to be used directly, then only S2K settings will be put
447
into the session key packet. Otherwise the session key will be encrypted
448
with the S2K key and put into the session key packet.
454
When encrypting with a public key:
459
A new random session key is generated.
464
It is encrypted using the public key and put into the session key packet.
470
In either case the data to be encrypted is processed as follows:
475
Optional data-manipulation: compression, conversion to UTF-8,
476
and/or conversion of line-endings.
481
The data is prefixed with a block of random bytes. This is equivalent
482
to using a random IV.
487
An SHA1 hash of the random prefix and data is appended.
492
All this is encrypted with the session key and placed in the data packet.
498
<title><function>pgp_sym_encrypt()</function></title>
501
pgp_sym_encrypt(data text, psw text [, options text ]) returns bytea
502
pgp_sym_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea
505
Encrypt <parameter>data</> with a symmetric PGP key <parameter>psw</>.
506
The <parameter>options</> parameter can contain option settings,
512
<title><function>pgp_sym_decrypt()</function></title>
515
pgp_sym_decrypt(msg bytea, psw text [, options text ]) returns text
516
pgp_sym_decrypt_bytea(msg bytea, psw text [, options text ]) returns bytea
519
Decrypt a symmetric-key-encrypted PGP message.
522
Decrypting <type>bytea</> data with <function>pgp_sym_decrypt</> is disallowed.
523
This is to avoid outputting invalid character data. Decrypting
524
originally textual data with <function>pgp_sym_decrypt_bytea</> is fine.
527
The <parameter>options</> parameter can contain option settings,
533
<title><function>pgp_pub_encrypt()</function></title>
536
pgp_pub_encrypt(data text, key bytea [, options text ]) returns bytea
537
pgp_pub_encrypt_bytea(data bytea, key bytea [, options text ]) returns bytea
540
Encrypt <parameter>data</> with a public PGP key <parameter>key</>.
541
Giving this function a secret key will produce a error.
544
The <parameter>options</> parameter can contain option settings,
550
<title><function>pgp_pub_decrypt()</function></title>
553
pgp_pub_decrypt(msg bytea, key bytea [, psw text [, options text ]]) returns text
554
pgp_pub_decrypt_bytea(msg bytea, key bytea [, psw text [, options text ]]) returns bytea
557
Decrypt a public-key-encrypted message. <parameter>key</> must be the
558
secret key corresponding to the public key that was used to encrypt.
559
If the secret key is password-protected, you must give the password in
560
<parameter>psw</>. If there is no password, but you want to specify
561
options, you need to give an empty password.
564
Decrypting <type>bytea</> data with <function>pgp_pub_decrypt</> is disallowed.
565
This is to avoid outputting invalid character data. Decrypting
566
originally textual data with <function>pgp_pub_decrypt_bytea</> is fine.
569
The <parameter>options</> parameter can contain option settings,
575
<title><function>pgp_key_id()</function></title>
578
pgp_key_id(bytea) returns text
581
<function>pgp_key_id</> extracts the key ID of a PGP public or secret key.
582
Or it gives the key ID that was used for encrypting the data, if given
583
an encrypted message.
586
It can return 2 special key IDs:
594
The message is encrypted with a symmetric key.
602
The message is public-key encrypted, but the key ID has been removed.
603
That means you will need to try all your secret keys on it to see
604
which one decrypts it. <filename>pgcrypto</> itself does not produce
610
Note that different keys may have the same ID. This is rare but a normal
611
event. The client application should then try to decrypt with each one,
612
to see which fits — like handling <literal>ANYKEY</>.
617
<title><function>armor()</function>, <function>dearmor()</function></title>
620
armor(data bytea) returns text
621
dearmor(data text) returns bytea
624
These functions wrap/unwrap binary data into PGP ASCII-armor format,
625
which is basically Base64 with CRC and additional formatting.
630
<title>Options for PGP Functions</title>
633
Options are named to be similar to GnuPG. An option's value should be
634
given after an equal sign; separate options from each other with commas.
637
pgp_sym_encrypt(data, psw, 'compress-algo=1, cipher-algo=aes256')
642
All of the options except <literal>convert-crlf</literal> apply only to
643
encrypt functions. Decrypt functions get the parameters from the PGP
648
The most interesting options are probably
649
<literal>compress-algo</literal> and <literal>unicode-mode</literal>.
650
The rest should have reasonable defaults.
654
<title>cipher-algo</title>
657
Which cipher algorithm to use.
660
Values: bf, aes128, aes192, aes256 (OpenSSL-only: <literal>3des</literal>, <literal>cast5</literal>)
662
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
667
<title>compress-algo</title>
670
Which compression algorithm to use. Only available if
671
<productname>PostgreSQL</productname> was built with zlib.
677
2 - ZLIB compression (= ZIP plus meta-data and block CRCs)
679
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
684
<title>compress-level</title>
687
How much to compress. Higher levels compress smaller but are slower.
688
0 disables compression.
693
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
698
<title>convert-crlf</title>
701
Whether to convert <literal>\n</literal> into <literal>\r\n</literal> when
702
encrypting and <literal>\r\n</literal> to <literal>\n</literal> when
703
decrypting. RFC 4880 specifies that text data should be stored using
704
<literal>\r\n</literal> line-feeds. Use this to get fully RFC-compliant
710
Applies to: pgp_sym_encrypt, pgp_pub_encrypt, pgp_sym_decrypt, pgp_pub_decrypt
715
<title>disable-mdc</title>
718
Do not protect data with SHA-1. The only good reason to use this
719
option is to achieve compatibility with ancient PGP products, predating
720
the addition of SHA-1 protected packets to RFC 4880.
721
Recent gnupg.org and pgp.com software supports it fine.
726
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
731
<title>enable-session-key</title>
734
Use separate session key. Public-key encryption always uses a separate
735
session key; this is for symmetric-key encryption, which by default
736
uses the S2K key directly.
741
Applies to: pgp_sym_encrypt
746
<title>s2k-mode</title>
749
Which S2K algorithm to use.
753
0 - Without salt. Dangerous!
754
1 - With salt but with fixed iteration count.
755
3 - Variable iteration count.
757
Applies to: pgp_sym_encrypt
762
<title>s2k-digest-algo</title>
765
Which digest algorithm to use in S2K calculation.
770
Applies to: pgp_sym_encrypt
775
<title>s2k-cipher-algo</title>
778
Which cipher to use for encrypting separate session key.
781
Values: bf, aes, aes128, aes192, aes256
782
Default: use cipher-algo
783
Applies to: pgp_sym_encrypt
788
<title>unicode-mode</title>
791
Whether to convert textual data from database internal encoding to
792
UTF-8 and back. If your database already is UTF-8, no conversion will
793
be done, but the message will be tagged as UTF-8. Without this option
799
Applies to: pgp_sym_encrypt, pgp_pub_encrypt
805
<title>Generating PGP Keys with GnuPG</title>
808
To generate a new key:
814
The preferred key type is <quote>DSA and Elgamal</>.
817
For RSA encryption you must create either DSA or RSA sign-only key
818
as master and then add an RSA encryption subkey with
819
<literal>gpg --edit-key</literal>.
824
gpg --list-secret-keys
828
To export a public key in ASCII-armor format:
830
gpg -a --export KEYID > public.key
834
To export a secret key in ASCII-armor format:
836
gpg -a --export-secret-keys KEYID > secret.key
840
You need to use <function>dearmor()</> on these keys before giving them to
841
the PGP functions. Or if you can handle binary data, you can drop
842
<literal>-a</literal> from the command.
845
For more details see <literal>man gpg</literal>,
846
<ulink url="http://www.gnupg.org/gph/en/manual.html">The GNU
847
Privacy Handbook</ulink> and other documentation on
848
<ulink url="http://www.gnupg.org"></ulink>.
853
<title>Limitations of PGP Code</title>
858
No support for signing. That also means that it is not checked
859
whether the encryption subkey belongs to the master key.
864
No support for encryption key as master key. As such practice
865
is generally discouraged, this should not be a problem.
870
No support for several subkeys. This may seem like a problem, as this
871
is common practice. On the other hand, you should not use your regular
872
GPG/PGP keys with <filename>pgcrypto</>, but create new ones,
873
as the usage scenario is rather different.
881
<title>Raw Encryption Functions</title>
884
These functions only run a cipher over data; they don't have any advanced
885
features of PGP encryption. Therefore they have some major problems:
890
They use user key directly as cipher key.
895
They don't provide any integrity checking, to see
896
if the encrypted data was modified.
901
They expect that users manage all encryption parameters
907
They don't handle text.
912
So, with the introduction of PGP encryption, usage of raw
913
encryption functions is discouraged.
917
encrypt(data bytea, key bytea, type text) returns bytea
918
decrypt(data bytea, key bytea, type text) returns bytea
920
encrypt_iv(data bytea, key bytea, iv bytea, type text) returns bytea
921
decrypt_iv(data bytea, key bytea, iv bytea, type text) returns bytea
925
Encrypt/decrypt data using the cipher method specified by
926
<parameter>type</parameter>. The syntax of the
927
<parameter>type</parameter> string is:
930
<replaceable>algorithm</> <optional> <literal>-</> <replaceable>mode</> </optional> <optional> <literal>/pad:</> <replaceable>padding</> </optional>
932
where <replaceable>algorithm</> is one of:
935
<listitem><para><literal>bf</literal> — Blowfish</para></listitem>
936
<listitem><para><literal>aes</literal> — AES (Rijndael-128)</para></listitem>
938
and <replaceable>mode</> is one of:
942
<literal>cbc</literal> — next block depends on previous (default)
947
<literal>ecb</literal> — each block is encrypted separately (for
952
and <replaceable>padding</> is one of:
956
<literal>pkcs</literal> — data may be any length (default)
961
<literal>none</literal> — data must be multiple of cipher block size
967
So, for example, these are equivalent:
969
encrypt(data, 'fooz', 'bf')
970
encrypt(data, 'fooz', 'bf-cbc/pad:pkcs')
974
In <function>encrypt_iv</> and <function>decrypt_iv</>, the
975
<parameter>iv</> parameter is the initial value for the CBC mode;
976
it is ignored for ECB.
977
It is clipped or padded with zeroes if not exactly block size.
978
It defaults to all zeroes in the functions without this parameter.
983
<title>Random-Data Functions</title>
986
gen_random_bytes(count integer) returns bytea
989
Returns <parameter>count</> cryptographically strong random bytes.
990
At most 1024 bytes can be extracted at a time. This is to avoid
991
draining the randomness generator pool.
999
<title>Configuration</title>
1002
<filename>pgcrypto</> configures itself according to the findings of the
1003
main PostgreSQL <literal>configure</literal> script. The options that
1004
affect it are <literal>--with-zlib</literal> and
1005
<literal>--with-openssl</literal>.
1009
When compiled with zlib, PGP encryption functions are able to
1010
compress data before encrypting.
1014
When compiled with OpenSSL, there will be more algorithms available.
1015
Also public-key encryption functions will be faster as OpenSSL
1016
has more optimized BIGNUM functions.
1019
<table id="pgcrypto-with-without-openssl">
1020
<title>Summary of Functionality with and without OpenSSL</title>
1024
<entry>Functionality</entry>
1025
<entry>Built-in</entry>
1026
<entry>With OpenSSL</entry>
1041
<entry>SHA224/256/384/512</entry>
1043
<entry>yes (Note 1)</entry>
1046
<entry>Other digest algorithms</entry>
1048
<entry>yes (Note 2)</entry>
1051
<entry>Blowfish</entry>
1058
<entry>yes (Note 3)</entry>
1061
<entry>DES/3DES/CAST5</entry>
1066
<entry>Raw encryption</entry>
1071
<entry>PGP Symmetric encryption</entry>
1076
<entry>PGP Public-Key encryption</entry>
1091
SHA2 algorithms were added to OpenSSL in version 0.9.8. For
1092
older versions, <filename>pgcrypto</> will use built-in code.
1097
Any digest algorithm OpenSSL supports is automatically picked up.
1098
This is not possible with ciphers, which need to be supported
1104
AES is included in OpenSSL since version 0.9.7. For
1105
older versions, <filename>pgcrypto</> will use built-in code.
1112
<title>NULL Handling</title>
1115
As is standard in SQL, all functions return NULL, if any of the arguments
1116
are NULL. This may create security risks on careless usage.
1121
<title>Security Limitations</title>
1124
All <filename>pgcrypto</> functions run inside the database server.
1126
the data and passwords move between <filename>pgcrypto</> and client
1127
applications in clear text. Thus you must:
1132
<para>Connect locally or use SSL connections.</para>
1135
<para>Trust both system and database administrator.</para>
1140
If you cannot, then better do crypto inside client application.
1145
<title>Useful Reading</title>
1149
<para><ulink url="http://www.gnupg.org/gph/en/manual.html"></ulink></para>
1150
<para>The GNU Privacy Handbook.</para>
1153
<para><ulink url="http://www.openwall.com/crypt/"></ulink></para>
1154
<para>Describes the crypt-blowfish algorithm.</para>
1158
<ulink url="http://www.stack.nl/~galactus/remailers/passphrase-faq.html"></ulink>
1160
<para>How to choose a good password.</para>
1163
<para><ulink url="http://world.std.com/~reinhold/diceware.html"></ulink></para>
1164
<para>Interesting idea for picking passwords.</para>
1168
<ulink url="http://www.interhack.net/people/cmcurtin/snake-oil-faq.html"></ulink>
1170
<para>Describes good and bad cryptography.</para>
1176
<title>Technical References</title>
1180
<para><ulink url="http://www.ietf.org/rfc/rfc4880.txt"></ulink></para>
1181
<para>OpenPGP message format.</para>
1184
<para><ulink url="http://www.ietf.org/rfc/rfc1321.txt"></ulink></para>
1185
<para>The MD5 Message-Digest Algorithm.</para>
1188
<para><ulink url="http://www.ietf.org/rfc/rfc2104.txt"></ulink></para>
1189
<para>HMAC: Keyed-Hashing for Message Authentication.</para>
1193
<ulink url="http://www.usenix.org/events/usenix99/provos.html"></ulink>
1195
<para>Comparison of crypt-des, crypt-md5 and bcrypt algorithms.</para>
1198
<para><ulink url="http://csrc.nist.gov/cryptval/des.htm"></ulink></para>
1199
<para>Standards for DES, 3DES and AES.</para>
1203
<ulink url="http://en.wikipedia.org/wiki/Fortuna_(PRNG)"></ulink>
1205
<para>Description of Fortuna CSPRNG.</para>
1208
<para><ulink url="http://jlcooke.ca/random/"></ulink></para>
1209
<para>Jean-Luc Cooke Fortuna-based <filename>/dev/random</> driver for Linux.</para>
1212
<para><ulink url="http://research.cyber.ee/~lipmaa/crypto/"></ulink></para>
1213
<para>Collection of cryptology pointers.</para>
1220
<title>Author</title>
1223
Marko Kreen <email>markokr@gmail.com</email>
1227
<filename>pgcrypto</filename> uses code from the following sources:
1234
<entry>Algorithm</entry>
1235
<entry>Author</entry>
1236
<entry>Source origin</entry>
1241
<entry>DES crypt</entry>
1242
<entry>David Burren and others</entry>
1243
<entry>FreeBSD libcrypt</entry>
1246
<entry>MD5 crypt</entry>
1247
<entry>Poul-Henning Kamp</entry>
1248
<entry>FreeBSD libcrypt</entry>
1251
<entry>Blowfish crypt</entry>
1252
<entry>Solar Designer</entry>
1253
<entry>www.openwall.com</entry>
1256
<entry>Blowfish cipher</entry>
1257
<entry>Simon Tatham</entry>
1258
<entry>PuTTY</entry>
1261
<entry>Rijndael cipher</entry>
1262
<entry>Brian Gladman</entry>
1263
<entry>OpenBSD sys/crypto</entry>
1266
<entry>MD5 and SHA1</entry>
1267
<entry>WIDE Project</entry>
1268
<entry>KAME kame/sys/crypto</entry>
1271
<entry>SHA256/384/512 </entry>
1272
<entry>Aaron D. Gifford</entry>
1273
<entry>OpenBSD sys/crypto</entry>
1276
<entry>BIGNUM math</entry>
1277
<entry>Michael J. Fromberger</entry>
1278
<entry>dartmouth.edu/~sting/sw/imath</entry>