1 <!-- $PostgreSQL: pgsql/doc/src/sgml/pgcrypto.sgml,v 1.6 2008/01/17 14:34:45 mha Exp $ -->
4 <title>pgcrypto</title>
6 <indexterm zone="pgcrypto">
7 <primary>pgcrypto</primary>
11 The <filename>pgcrypto</> module provides cryptographic functions for
12 <productname>PostgreSQL</>.
16 <title>General hashing functions</title>
19 <title><function>digest()</function></title>
22 digest(data text, type text) returns bytea
23 digest(data bytea, type text) returns bytea
27 Computes a binary hash of the given <parameter>data</>.
28 <parameter>type</> is the algorithm to use.
29 Standard algorithms are <literal>md5</literal>, <literal>sha1</literal>,
30 <literal>sha224</literal>, <literal>sha256</literal>,
31 <literal>sha384</literal> and <literal>sha512</literal>.
32 If <filename>pgcrypto</> was built with
33 OpenSSL, more algorithms are available, as detailed in
34 <xref linkend="pgcrypto-with-without-openssl">.
38 If you want the digest as a hexadecimal string, use
39 <function>encode()</> on the result. For example:
42 CREATE OR REPLACE FUNCTION sha1(bytea) returns text AS $$
43 SELECT encode(digest($1, 'sha1'), 'hex')
44 $$ LANGUAGE SQL STRICT IMMUTABLE;
49 <title><function>hmac()</function></title>
52 hmac(data text, key text, type text) returns bytea
53 hmac(data bytea, key text, type text) returns bytea
57 Calculates hashed MAC for <parameter>data</> with key <parameter>key</>.
58 <parameter>type</> is the same as in <function>digest()</>.
62 This is similar to <function>digest()</> but the hash can only be
63 recalculated knowing the key. This prevents the scenario of someone
64 altering data and also changing the hash to match.
68 If the key is larger than the hash block size it will first be hashed and
69 the result will be used as key.
75 <title>Password hashing functions</title>
78 The functions <function>crypt()</> and <function>gen_salt()</>
79 are specifically designed for hashing passwords.
80 <function>crypt()</> does the hashing and <function>gen_salt()</>
81 prepares algorithm parameters for it.
85 The algorithms in <function>crypt()</> differ from usual hashing algorithms
86 like MD5 or SHA1 in the following respects:
92 They are slow. As the amount of data is so small, this is the only
93 way to make brute-forcing passwords hard.
98 They use a random value, called the <firstterm>salt</>, so that users
99 having the same password will have different encrypted passwords.
100 This is also an additional defense against reversing the algorithm.
105 They include the algorithm type in the result, so passwords hashed with
106 different algorithms can co-exist.
111 Some of them are adaptive — that means when computers get
112 faster, you can tune the algorithm to be slower, without
113 introducing incompatibility with existing passwords.
119 <title>Supported algorithms for <function>crypt()</></title>
123 <entry>Algorithm</entry>
124 <entry>Max password length</entry>
125 <entry>Adaptive?</entry>
126 <entry>Salt bits</entry>
127 <entry>Description</entry>
132 <entry><literal>bf</></entry>
136 <entry>Blowfish-based, variant 2a</entry>
139 <entry><literal>md5</></entry>
140 <entry>unlimited</entry>
143 <entry>MD5-based crypt</entry>
146 <entry><literal>xdes</></entry>
150 <entry>Extended DES</entry>
153 <entry><literal>des</></entry>
157 <entry>Original UNIX crypt</entry>
164 <title><function>crypt()</></title>
167 crypt(password text, salt text) returns text
171 Calculates a crypt(3)-style hash of <parameter>password</>.
172 When storing a new password, you need to use
173 <function>gen_salt()</> to generate a new <parameter>salt</> value.
174 To check a password, pass the stored hash value as <parameter>salt</>,
175 and test whether the result matches the stored value.
178 Example of setting a new password:
181 UPDATE ... SET pswhash = crypt('new password', gen_salt('md5'));
184 Example of authentication:
187 SELECT pswhash = crypt('entered password', pswhash) FROM ... ;
190 This returns <literal>true</> if the entered password is correct.
195 <title><function>gen_salt()</></title>
198 gen_salt(type text [, iter_count integer ]) returns text
202 Generates a new random salt string for use in <function>crypt()</>.
203 The salt string also tells <function>crypt()</> which algorithm to use.
207 The <parameter>type</> parameter specifies the hashing algorithm.
208 The accepted types are: <literal>des</literal>, <literal>xdes</literal>,
209 <literal>md5</literal> and <literal>bf</literal>.
213 The <parameter>iter_count</> parameter lets the user specify the iteration
214 count, for algorithms that have one.
215 The higher the count, the more time it takes to hash
216 the password and therefore the more time to break it. Although with
217 too high a count the time to calculate a hash may be several years
218 — which is somewhat impractical. If the <parameter>iter_count</>
219 parameter is omitted, the default iteration count is used.
220 Allowed values for <parameter>iter_count</> depend on the algorithm:
224 <title>Iteration counts for <function>crypt()</></title>
228 <entry>Algorithm</entry>
229 <entry>Default</entry>
236 <entry><literal>xdes</></entry>
239 <entry>16777215</entry>
242 <entry><literal>bf</></entry>
252 For <literal>xdes</literal> there is an additional limitation that the
253 iteration count must be an odd number.
257 To pick an appropriate iteration count, consider that
258 the original DES crypt was designed to have the speed of 4 hashes per
259 second on the hardware of that time.
260 Slower than 4 hashes per second would probably dampen usability.
261 Faster than 100 hashes per second is probably too fast.
265 Here is a table that gives an overview of the relative slowness
266 of different hashing algorithms.
267 The table shows how much time it would take to try all
268 combinations of characters in an 8-character password, assuming
269 that the password contains either only lowercase letters, or
270 upper- and lower-case letters and numbers.
271 In the <literal>crypt-bf</literal> entries, the number after a slash is
272 the <parameter>iter_count</parameter> parameter of
273 <function>gen_salt</function>.
277 <title>Hash algorithm speeds</title>
281 <entry>Algorithm</entry>
282 <entry>Hashes/sec</entry>
283 <entry>For <literal>[a-z]</></entry>
284 <entry>For <literal>[A-Za-z0-9]</></entry>
289 <entry><literal>crypt-bf/8</></entry>
291 <entry>246 years</entry>
292 <entry>251322 years</entry>
295 <entry><literal>crypt-bf/7</></entry>
297 <entry>121 years</entry>
298 <entry>123457 years</entry>
301 <entry><literal>crypt-bf/6</></entry>
303 <entry>62 years</entry>
304 <entry>62831 years</entry>
307 <entry><literal>crypt-bf/5</></entry>
309 <entry>33 years</entry>
310 <entry>33351 years</entry>
313 <entry><literal>crypt-md5</></entry>
315 <entry>2.6 years</entry>
316 <entry>2625 years</entry>
319 <entry><literal>crypt-des</></entry>
320 <entry>362837</entry>
321 <entry>7 days</entry>
322 <entry>19 years</entry>
325 <entry><literal>sha1</></entry>
326 <entry>590223</entry>
327 <entry>4 days</entry>
328 <entry>12 years</entry>
331 <entry><literal>md5</></entry>
332 <entry>2345086</entry>
334 <entry>3 years</entry>
347 The machine used is a 1.5GHz Pentium 4.
352 <literal>crypt-des</> and <literal>crypt-md5</> algorithm numbers are
353 taken from John the Ripper v1.6.38 <literal>-test</> output.
358 <literal>md5</> numbers are from mdcrack 1.2.
363 <literal>sha1</> numbers are from lcrack-20031130-beta.
368 <literal>crypt-bf</literal> numbers are taken using a simple program that
369 loops over 1000 8-character passwords. That way I can show the speed
370 with different numbers of iterations. For reference: <literal>john
371 -test</literal> shows 213 loops/sec for <literal>crypt-bf/5</>.
373 difference in results is in accordance with the fact that the
374 <literal>crypt-bf</literal> implementation in <filename>pgcrypto</>
375 is the same one used in John the Ripper.)
381 Note that <quote>try all combinations</quote> is not a realistic exercise.
382 Usually password cracking is done with the help of dictionaries, which
383 contain both regular words and various mutations of them. So, even
384 somewhat word-like passwords could be cracked much faster than the above
385 numbers suggest, while a 6-character non-word-like password may escape
392 <title>PGP encryption functions</title>
395 The functions here implement the encryption part of the OpenPGP (RFC 4880)
396 standard. Supported are both symmetric-key and public-key encryption.
400 An encrypted PGP message consists of 2 parts, or <firstterm>packets</>:
405 Packet containing a session key — either symmetric-key or public-key
411 Packet containing data encrypted with the session key.
417 When encrypting with a symmetric key (i.e., a password):
422 The given password is hashed using a String2Key (S2K) algorithm. This is
423 rather similar to <function>crypt()</> algorithms — purposefully
424 slow and with random salt — but it produces a full-length binary
430 If a separate session key is requested, a new random key will be
431 generated. Otherwise the S2K key will be used directly as the session
437 If the S2K key is to be used directly, then only S2K settings will be put
438 into the session key packet. Otherwise the session key will be encrypted
439 with the S2K key and put into the session key packet.
445 When encrypting with a public key:
450 A new random session key is generated.
455 It is encrypted using the public key and put into the session key packet.
461 In either case the data to be encrypted is processed as follows:
466 Optional data-manipulation: compression, conversion to UTF-8,
467 and/or conversion of line-endings.
472 The data is prefixed with a block of random bytes. This is equivalent
473 to using a random IV.
478 An SHA1 hash of the random prefix and data is appended.
483 All this is encrypted with the session key and placed in the data packet.
489 <title><function>pgp_sym_encrypt()</function></title>
492 pgp_sym_encrypt(data text, psw text [, options text ]) returns bytea
493 pgp_sym_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea
496 Encrypt <parameter>data</> with a symmetric PGP key <parameter>psw</>.
497 The <parameter>options</> parameter can contain option settings,
503 <title><function>pgp_sym_decrypt()</function></title>
506 pgp_sym_decrypt(msg bytea, psw text [, options text ]) returns text
507 pgp_sym_decrypt_bytea(msg bytea, psw text [, options text ]) returns bytea
510 Decrypt a symmetric-key-encrypted PGP message.
513 Decrypting bytea data with <function>pgp_sym_decrypt</> is disallowed.
514 This is to avoid outputting invalid character data. Decrypting
515 originally textual data with <function>pgp_sym_decrypt_bytea</> is fine.
518 The <parameter>options</> parameter can contain option settings,
524 <title><function>pgp_pub_encrypt()</function></title>
527 pgp_pub_encrypt(data text, key bytea [, options text ]) returns bytea
528 pgp_pub_encrypt_bytea(data bytea, key bytea [, options text ]) returns bytea
531 Encrypt <parameter>data</> with a public PGP key <parameter>key</>.
532 Giving this function a secret key will produce a error.
535 The <parameter>options</> parameter can contain option settings,
541 <title><function>pgp_pub_decrypt()</function></title>
544 pgp_pub_decrypt(msg bytea, key bytea [, psw text [, options text ]]) returns text
545 pgp_pub_decrypt_bytea(msg bytea, key bytea [, psw text [, options text ]]) returns bytea
548 Decrypt a public-key-encrypted message. <parameter>key</> must be the
549 secret key corresponding to the public key that was used to encrypt.
550 If the secret key is password-protected, you must give the password in
551 <parameter>psw</>. If there is no password, but you want to specify
552 options, you need to give an empty password.
555 Decrypting bytea data with <function>pgp_pub_decrypt</> is disallowed.
556 This is to avoid outputting invalid character data. Decrypting
557 originally textual data with <function>pgp_pub_decrypt_bytea</> is fine.
560 The <parameter>options</> parameter can contain option settings,
566 <title><function>pgp_key_id()</function></title>
569 pgp_key_id(bytea) returns text
572 <function>pgp_key_id</> extracts the key ID of a PGP public or secret key.
573 Or it gives the key ID that was used for encrypting the data, if given
574 an encrypted message.
577 It can return 2 special key IDs:
585 The message is encrypted with a symmetric key.
593 The message is public-key encrypted, but the key ID has been removed.
594 That means you will need to try all your secret keys on it to see
595 which one decrypts it. <filename>pgcrypto</> itself does not produce
601 Note that different keys may have the same ID. This is rare but a normal
602 event. The client application should then try to decrypt with each one,
603 to see which fits — like handling <literal>ANYKEY</>.
608 <title><function>armor()</function>, <function>dearmor()</function></title>
611 armor(data bytea) returns text
612 dearmor(data text) returns bytea
615 These functions wrap/unwrap binary data into PGP Ascii Armor format,
616 which is basically Base64 with CRC and additional formatting.
621 <title>Options for PGP functions</title>
624 Options are named to be similar to GnuPG. An option's value should be
625 given after an equal sign; separate options from each other with commas.
629 pgp_sym_encrypt(data, psw, 'compress-algo=1, cipher-algo=aes256')
633 All of the options except <literal>convert-crlf</literal> apply only to
634 encrypt functions. Decrypt functions get the parameters from the PGP
639 The most interesting options are probably
640 <literal>compress-algo</literal> and <literal>unicode-mode</literal>.
641 The rest should have reasonable defaults.
645 <title>cipher-algo</title>
648 Which cipher algorithm to use.
651 Values: bf, aes128, aes192, aes256 (OpenSSL-only: <literal>3des</literal>, <literal>cast5</literal>)
653 Applies to: pgp_sym_encrypt, pgp_pub_encrypt
658 <title>compress-algo</title>
661 Which compression algorithm to use. Only available if
662 <productname>PostgreSQL</productname> was built with zlib.
668 2 - ZLIB compression (= ZIP plus meta-data and block CRCs)
670 Applies to: pgp_sym_encrypt, pgp_pub_encrypt
675 <title>compress-level</title>
678 How much to compress. Higher levels compress smaller but are slower.
679 0 disables compression.
684 Applies to: pgp_sym_encrypt, pgp_pub_encrypt
689 <title>convert-crlf</title>
692 Whether to convert <literal>\n</literal> into <literal>\r\n</literal> when
693 encrypting and <literal>\r\n</literal> to <literal>\n</literal> when
694 decrypting. RFC 4880 specifies that text data should be stored using
695 <literal>\r\n</literal> line-feeds. Use this to get fully RFC-compliant
701 Applies to: pgp_sym_encrypt, pgp_pub_encrypt, pgp_sym_decrypt, pgp_pub_decrypt
706 <title>disable-mdc</title>
709 Do not protect data with SHA-1. The only good reason to use this
710 option is to achieve compatibility with ancient PGP products, predating
711 the addition of SHA-1 protected packets to RFC 4880.
712 Recent gnupg.org and pgp.com software supports it fine.
717 Applies to: pgp_sym_encrypt, pgp_pub_encrypt
722 <title>enable-session-key</title>
725 Use separate session key. Public-key encryption always uses a separate
726 session key; this is for symmetric-key encryption, which by default
727 uses the S2K key directly.
732 Applies to: pgp_sym_encrypt
737 <title>s2k-mode</title>
740 Which S2K algorithm to use.
744 0 - Without salt. Dangerous!
745 1 - With salt but with fixed iteration count.
746 3 - Variable iteration count.
748 Applies to: pgp_sym_encrypt
753 <title>s2k-digest-algo</title>
756 Which digest algorithm to use in S2K calculation.
761 Applies to: pgp_sym_encrypt
766 <title>s2k-cipher-algo</title>
769 Which cipher to use for encrypting separate session key.
772 Values: bf, aes, aes128, aes192, aes256
773 Default: use cipher-algo
774 Applies to: pgp_sym_encrypt
779 <title>unicode-mode</title>
782 Whether to convert textual data from database internal encoding to
783 UTF-8 and back. If your database already is UTF-8, no conversion will
784 be done, but the message will be tagged as UTF-8. Without this option
790 Applies to: pgp_sym_encrypt, pgp_pub_encrypt
796 <title>Generating PGP keys with GnuPG</title>
799 To generate a new key:
805 The preferred key type is <quote>DSA and Elgamal</>.
808 For RSA encryption you must create either DSA or RSA sign-only key
809 as master and then add an RSA encryption subkey with
810 <literal>gpg --edit-key</literal>.
816 gpg --list-secret-keys
819 To export a public key in ascii-armor format:
822 gpg -a --export KEYID > public.key
825 To export a secret key in ascii-armor format:
828 gpg -a --export-secret-keys KEYID > secret.key
831 You need to use <function>dearmor()</> on these keys before giving them to
832 the PGP functions. Or if you can handle binary data, you can drop
833 <literal>-a</literal> from the command.
836 For more details see <literal>man gpg</literal>,
837 <ulink url="http://www.gnupg.org/gph/en/manual.html">The GNU
838 Privacy Handbook</ulink> and other documentation on
839 <ulink url="http://www.gnupg.org"></ulink>.
844 <title>Limitations of PGP code</title>
849 No support for signing. That also means that it is not checked
850 whether the encryption subkey belongs to the master key.
855 No support for encryption key as master key. As such practice
856 is generally discouraged, this should not be a problem.
861 No support for several subkeys. This may seem like a problem, as this
862 is common practice. On the other hand, you should not use your regular
863 GPG/PGP keys with <filename>pgcrypto</>, but create new ones,
864 as the usage scenario is rather different.
872 <title>Raw encryption functions</title>
875 These functions only run a cipher over data; they don't have any advanced
876 features of PGP encryption. Therefore they have some major problems:
881 They use user key directly as cipher key.
886 They don't provide any integrity checking, to see
887 if the encrypted data was modified.
892 They expect that users manage all encryption parameters
898 They don't handle text.
903 So, with the introduction of PGP encryption, usage of raw
904 encryption functions is discouraged.
908 encrypt(data bytea, key bytea, type text) returns bytea
909 decrypt(data bytea, key bytea, type text) returns bytea
911 encrypt_iv(data bytea, key bytea, iv bytea, type text) returns bytea
912 decrypt_iv(data bytea, key bytea, iv bytea, type text) returns bytea
916 Encrypt/decrypt data using the cipher method specified by
917 <parameter>type</parameter>. The syntax of the
918 <parameter>type</parameter> string is:
922 <replaceable>algorithm</> <optional> <literal>-</> <replaceable>mode</> </optional> <optional> <literal>/pad:</> <replaceable>padding</> </optional>
926 where <replaceable>algorithm</> is one of:
929 <listitem><para><literal>bf</literal> — Blowfish</para></listitem>
930 <listitem><para><literal>aes</literal> — AES (Rijndael-128)</para></listitem>
933 and <replaceable>mode</> is one of:
938 <literal>cbc</literal> — next block depends on previous (default)
943 <literal>ecb</literal> — each block is encrypted separately (for
949 and <replaceable>padding</> is one of:
954 <literal>pkcs</literal> — data may be any length (default)
959 <literal>none</literal> — data must be multiple of cipher block size
964 So, for example, these are equivalent:
967 encrypt(data, 'fooz', 'bf')
968 encrypt(data, 'fooz', 'bf-cbc/pad:pkcs')
971 In <function>encrypt_iv</> and <function>decrypt_iv</>, the
972 <parameter>iv</> parameter is the initial value for the CBC mode;
973 it is ignored for ECB.
974 It is clipped or padded with zeroes if not exactly block size.
975 It defaults to all zeroes in the functions without this parameter.
980 <title>Random-data functions</title>
983 gen_random_bytes(count integer) returns bytea
986 Returns <parameter>count</> cryptographically strong random bytes.
987 At most 1024 bytes can be extracted at a time. This is to avoid
988 draining the randomness generator pool.
996 <title>Configuration</title>
999 <filename>pgcrypto</> configures itself according to the findings of the
1000 main PostgreSQL <literal>configure</literal> script. The options that
1001 affect it are <literal>--with-zlib</literal> and
1002 <literal>--with-openssl</literal>.
1006 When compiled with zlib, PGP encryption functions are able to
1007 compress data before encrypting.
1011 When compiled with OpenSSL, there will be more algorithms available.
1012 Also public-key encryption functions will be faster as OpenSSL
1013 has more optimized BIGNUM functions.
1016 <table id="pgcrypto-with-without-openssl">
1017 <title>Summary of functionality with and without OpenSSL</title>
1021 <entry>Functionality</entry>
1022 <entry>Built-in</entry>
1023 <entry>With OpenSSL</entry>
1038 <entry>SHA224/256/384/512</entry>
1040 <entry>yes (Note 1)</entry>
1043 <entry>Other digest algorithms</entry>
1045 <entry>yes (Note 2)</entry>
1048 <entry>Blowfish</entry>
1055 <entry>yes (Note 3)</entry>
1058 <entry>DES/3DES/CAST5</entry>
1063 <entry>Raw encryption</entry>
1068 <entry>PGP Symmetric encryption</entry>
1073 <entry>PGP Public-Key encryption</entry>
1088 SHA2 algorithms were added to OpenSSL in version 0.9.8. For
1089 older versions, <filename>pgcrypto</> will use built-in code.
1094 Any digest algorithm OpenSSL supports is automatically picked up.
1095 This is not possible with ciphers, which need to be supported
1101 AES is included in OpenSSL since version 0.9.7. For
1102 older versions, <filename>pgcrypto</> will use built-in code.
1109 <title>NULL handling</title>
1112 As is standard in SQL, all functions return NULL, if any of the arguments
1113 are NULL. This may create security risks on careless usage.
1118 <title>Security limitations</title>
1121 All <filename>pgcrypto</> functions run inside the database server.
1123 the data and passwords move between <filename>pgcrypto</> and client
1124 applications in clear text. Thus you must:
1129 <para>Connect locally or use SSL connections.</para>
1132 <para>Trust both system and database administrator.</para>
1137 If you cannot, then better do crypto inside client application.
1142 <title>Useful reading</title>
1146 <para><ulink url="http://www.gnupg.org/gph/en/manual.html"></ulink></para>
1147 <para>The GNU Privacy Handbook.</para>
1150 <para><ulink url="http://www.openwall.com/crypt/"></ulink></para>
1151 <para>Describes the crypt-blowfish algorithm.</para>
1155 <ulink url="http://www.stack.nl/~galactus/remailers/passphrase-faq.html"></ulink>
1157 <para>How to choose a good password.</para>
1160 <para><ulink url="http://world.std.com/~reinhold/diceware.html"></ulink></para>
1161 <para>Interesting idea for picking passwords.</para>
1165 <ulink url="http://www.interhack.net/people/cmcurtin/snake-oil-faq.html"></ulink>
1167 <para>Describes good and bad cryptography.</para>
1173 <title>Technical references</title>
1177 <para><ulink url="http://www.ietf.org/rfc/rfc4880.txt"></ulink></para>
1178 <para>OpenPGP message format.</para>
1181 <para><ulink url="http://www.ietf.org/rfc/rfc1321.txt"></ulink></para>
1182 <para>The MD5 Message-Digest Algorithm.</para>
1185 <para><ulink url="http://www.ietf.org/rfc/rfc2104.txt"></ulink></para>
1186 <para>HMAC: Keyed-Hashing for Message Authentication.</para>
1190 <ulink url="http://www.usenix.org/events/usenix99/provos.html"></ulink>
1192 <para>Comparison of crypt-des, crypt-md5 and bcrypt algorithms.</para>
1195 <para><ulink url="http://csrc.nist.gov/cryptval/des.htm"></ulink></para>
1196 <para>Standards for DES, 3DES and AES.</para>
1200 <ulink url="http://en.wikipedia.org/wiki/Fortuna_(PRNG)"></ulink>
1202 <para>Description of Fortuna CSPRNG.</para>
1205 <para><ulink url="http://jlcooke.ca/random/"></ulink></para>
1206 <para>Jean-Luc Cooke Fortuna-based /dev/random driver for Linux.</para>
1209 <para><ulink url="http://www.cs.ut.ee/~helger/crypto/"></ulink></para>
1210 <para>Collection of cryptology pointers.</para>
1217 <title>Author</title>
1220 Marko Kreen <email>markokr@gmail.com</email>
1224 <filename>pgcrypto</filename> uses code from the following sources:
1228 <title>Credits</title>
1232 <entry>Algorithm</entry>
1233 <entry>Author</entry>
1234 <entry>Source origin</entry>
1239 <entry>DES crypt</entry>
1240 <entry>David Burren and others</entry>
1241 <entry>FreeBSD libcrypt</entry>
1244 <entry>MD5 crypt</entry>
1245 <entry>Poul-Henning Kamp</entry>
1246 <entry>FreeBSD libcrypt</entry>
1249 <entry>Blowfish crypt</entry>
1250 <entry>Solar Designer</entry>
1251 <entry>www.openwall.com</entry>
1254 <entry>Blowfish cipher</entry>
1255 <entry>Simon Tatham</entry>
1256 <entry>PuTTY</entry>
1259 <entry>Rijndael cipher</entry>
1260 <entry>Brian Gladman</entry>
1261 <entry>OpenBSD sys/crypto</entry>
1264 <entry>MD5 and SHA1</entry>
1265 <entry>WIDE Project</entry>
1266 <entry>KAME kame/sys/crypto</entry>
1269 <entry>SHA256/384/512 </entry>
1270 <entry>Aaron D. Gifford</entry>
1271 <entry>OpenBSD sys/crypto</entry>
1274 <entry>BIGNUM math</entry>
1275 <entry>Michael J. Fromberger</entry>
1276 <entry>dartmouth.edu/~sting/sw/imath</entry>