This projects implements the process to generate a SCRAM-SHA-256 Hash as a regular HTML page using Javascript - as simple as possible to be run or hosted. All the code is contained in a single HTML page (index.html) and you can run it directly from your browser.
If you just want to use it, it's hosted on: https://denismedeiros.github.io/scram-sha-256-generator/
This code is inspired in the original implementation in the PostgreSQL project and in other implementations made by the community (please see references).
In summary, it requires some combinations of some hashing algorithms including:
- PBKDF2 (with algorithm SHA256) + Salt.
- HMAC (with algorithm SHA256).
- SHA256 hash.
- Base64 enconding.
To run these functions, this project relies on the library CryptoJS, which is included in the index.html.
To test a hashed password generated by this tool, you can run the following steps:
-
Run a generic PostgreSQL container:
docker run --rm -d -it --name example-postgres -p 5432:5432 -e POSTGRES_USER=test -e POSTGRES_PASSWORD=test postgres:14-alpine
-
Run psql on that container and create a new user using a SCRAM-SHA-256 hash generated by the web page.
psql "postgres://test:test@localhost:5432/postgres"CREATE ROLE "example" WITH LOGIN PASSWORD '<SCRAM-SHA-256 hash here>';
quit
-
Finally, try to log in using the new role:
psql "postgres://example:<password>@localhost:5432/postgres"
Don't forget to delete the container if you don't need it anymore.
- https://www.postgresql.org/docs/13/auth-password.html
- https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism
- https://github.com/postgres/postgres/tree/master/src
- https://github.com/brix/crypto-js
- https://cryptojs.gitbook.io/docs/
- https://stackoverflow.com/questions/68400120/how-to-generate-scram-sha-256-to-create-postgres-13-user