<p>Hello!
I am trying to store user accounts in a PostgreSQL database and therefore used PBKDF2 to not store the passwords in plain text. Now I get the error </p>
<blockquote>
<p>pq: invalid byte sequence for encoding "UTF8": 0xcf 0x71</p>
</blockquote>
<p>every time I try to run the INSERT statement.
I know this is probably a problem with Postgres, but I thought maybe someone here has experienced the same or a similar problem and knows a solution. Maybe you can even recommend another database to me.</p>
<p>Thanks in advance!</p>
<p>How I create the pbkdf2 password:</p>
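<pre><code>b := make([]byte, 32) // 32 random bytes for the salt
rand.Read(b)
salt := fmt.Sprintf("%x", b) // hex-encoded salt (64 ASCII characters)
// epw is 32 raw bytes of PBKDF2-HMAC-SHA1 output, not text
epw := pbkdf2.Key([]byte(pwd), []byte(salt), 4096, 32, sha1.New)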
</code></pre>
<hr/>**Comments:**<br/><br/>asaz989: <pre><p>The PostgreSQL "text" and "varchar" column types require their data to be valid in their configured character set; encrypted data is by design indistinguishable from a random sequence of bytes, and so is unlikely to be valid in any given character set.</p>
<p>Use a column with the <a href="http://www.postgresql.org/docs/9.4/static/datatype-binary.html">bytea or blob</a> types instead.</p></pre>mko31: <pre><p>Ah, that makes sense. I'll try it immediately and report back. Thank you :)</p>
<p>edit: It worked! Thanks again</p></pre>defererror: <pre><p>I've never used that library, but here's how to do it with <a href="https://godoc.org/golang.org/x/crypto/bcrypt">bcrypt</a>:</p>
<pre><code>hash, err := bcrypt.GenerateFromPassword(password, 12)
</code></pre>
<p>And then <code>hash</code> is a byte slice of ASCII characters, so you don't need to do any conversion before putting it into a database that's expecting UTF-8.</p></pre>mko31: <pre><p>Thank you for your answer!</p>
<p>Bcrypt doesn't offer the use of a salt, right?
I tried to find out as much as possible about securely storing passwords and almost every organization and person recommended PBKDF2. I also used it in earlier (sadly) nodejs projects.</p></pre>elithrar_: <pre><blockquote>
<p>Bcrypt doesn't offer the use of a salt, right?</p>
</blockquote>
<p>Go's bcrypt library (<code>crypto/bcrypt</code>) generates the salt for you (<a href="https://github.com/golang/crypto/blob/master/bcrypt/bcrypt.go#L143">see this line</a>).</p>
<p>I strongly recommend you use bcrypt or <a href="https://github.com/elithrar/simple-scrypt">scrypt</a> over PBKDF2, unless you have a need for PBKDF2 (you almost certainly don't). PBKDF2 isn't horrible, but bcrypt and scrypt exist to build on top of what PBKDF2 was trying to achieve (a variable-cost key derivation function).</p>
<p>Further, your <code>password_hash</code> column in Postgres should be a <code>bytea</code> (byte array) type if you want to store the output of <code>GenerateFromPassword</code> directly. Storing the raw byte array is more efficient and there's little use for a hex or base64 representation of the hash in most applications.</p></pre>koalefant: <pre><p>Another advantage of bcrypt is that it stores the cost/iterations and salt as well as the derived key/pw all as one thing.</p>
<p>Which means you don't need to manually store the salt/iterations separately as you would in PBKDF2. It also means as computer processing gets faster you can increase the cost/iterations and store the new hash easily.</p></pre>IntellectualReserve: <pre><p>bcrypt is a pleasure to use</p></pre>Dont_Reddit_Me: <pre><p>Like almost everything from OpenBSD</p></pre>maruwan: <pre><p>I was going to suggest to do the encrypting / decrypting in Postgres instead of Go, but this appears to not be a good idea:</p>
<p><a href="http://stackoverflow.com/a/18687445" rel="nofollow">http://stackoverflow.com/a/18687445</a></p></pre>joeshmo: <pre><p>I think encoding it in base64 would solve your problem. </p></pre>