Back to top
  Back to overview

Crypto functions

These functions can be used when hashing data, encrypting data, and for securely authenticating users into the database.

Function Description
crypto::md5() Returns the md5 hash of a value
crypto::sha1() Returns the sha1 hash of a value
crypto::sha256() Returns the sha256 hash of a value
crypto::sha512() Returns the sha512 hash of a value
crypto::argon2::compare() Compares an argon2 hash to a password
crypto::argon2::generate() Generates a new argon2 hashed password
crypto::pbkdf2::compare() Compares an pbkdf2 hash to a password
crypto::pbkdf2::generate() Generates a new pbkdf2 hashed password
crypto::scrypt::compare() Compares an scrypt hash to a password
crypto::scrypt::generate() Generates a new scrypt hashed password

crypto::md5

The crypto::md5 function returns the md5 hash of the input value.

crypto::md5(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::md5("tobie");
"4768b3fc7ac751e03a614e2349abf3bf"

If the argument is not a string, then the value will be cast to a string before the value is hashed:

SELECT * FROM crypto::md5(12345);
"827ccb0eea8a706c4c34a16891f84e7b"

crypto::sha1

The crypto::sha1 function returns the sha1 hash of the input value.

crypto::sha1(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::sha1("tobie");
"c6be709a1b6429472e0c5745b411f1693c4717be"

If the argument is not a string, then the value will be cast to a string before the value is hashed:

SELECT * FROM crypto::sha1(12345);
"8cb2237d0679ca88db6464eac60da96345513964"

crypto::sha256

The crypto::sha256 function returns the sha256 hash of the input value.

crypto::sha256(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::sha256("tobie");
"33fe1859daba927ea5674813adc1cf34b9e2795f2b7e91602fae19c0d0c493af"

If the argument is not a string, then the value will be cast to a string before the value is hashed:

SELECT * FROM crypto::sha256(12345);
"5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5"

crypto::sha512

The crypto::sha512 function returns the sha512 hash of the input value.

crypto::sha512(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::sha512("tobie");
"39f0160c946c4c53702112d6ef3eea7957ea8e1c78787a482a89f8b0a8860a20ecd543432e4a187d9fdcd1c415cf61008e51a7e8bf2f22ac77e458789c9cdccc"

If the argument is not a string, then the value will be cast to a string before the value is hashed:

SELECT * FROM crypto::sha512(12345);
"3627909a29c31381a071ec27f7c9ca97726182aed29a7ddd2e54353322cfb30abb9e3a6df2ac2c20fe23436311d678564d0c8d305930575f60e2d3d048184d79"

crypto::argon2::compare

The crypto::argon2::compare function compares a hashed-and-salted argon2 password value with an unhashed password value.

crypto::argon2::compare(value, value) -> boolean

The following example shows this function, and its output, when used in a select statement:

LET $hash = "$argon2id$v=19$m=4096,t=3,p=1$pbZ6yJ2rPJKk4pyEMVwslQ$jHzpsiB+3S/H+kwFXEcr10vmOiDkBkydVCSMfRxV7CA";
LET $pass = "this is a strong password";
SELECT * FROM crypto::argon2::compare($hash, $pass);
true

crypto::argon2::generate

The crypto::argon2::generate function hashes and salts a password using the argon2 hashing algorithm.

crypto::argon2::generate(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::argon2::generate("this is a strong password");
"$argon2id$v=19$m=4096,t=3,p=1$pbZ6yJ2rPJKk4pyEMVwslQ$jHzpsiB+3S/H+kwFXEcr10vmOiDkBkydVCSMfRxV7CA"

crypto::pbkdf2::compare

The crypto::pbkdf2::compare function compares a hashed-and-salted pbkdf2 password value with an unhashed password value.

crypto::pbkdf2::compare(value, value) -> boolean

The following example shows this function, and its output, when used in a select statement:

LET $hash = "$pbkdf2-sha256$i=10000,l=32$DBURRPJODKEt0IId1Lqe+w$Ve8Z00mibHDSKLbyKTceEBBcDpGoK0AEUl7QzDTIec4";
LET $pass = "this is a strong password";
SELECT * FROM crypto::pbkdf2::compare($hash, $pass);
true

crypto::pbkdf2::generate

The crypto::pbkdf2::generate function hashes and salts a password using the pbkdf2 hashing algorithm.

crypto::pbkdf2::generate(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::pbkdf2::generate("this is a strong password");
"$pbkdf2-sha256$i=10000,l=32$DBURRPJODKEt0IId1Lqe+w$Ve8Z00mibHDSKLbyKTceEBBcDpGoK0AEUl7QzDTIec4"

crypto::scrypt::compare

The crypto::scrypt::compare function compares a hashed-and-salted scrypt password value with an unhashed password value.

crypto::scrypt::compare(value, value) -> boolean

The following example shows this function, and its output, when used in a select statement:

LET $hash = "$scrypt$ln=15,r=8,p=1$8gl7bipl0FELTy46YJOBrw$eRcS1qR22GI8VHo58WOXn9JyfDivGo5yTJFvpDyivuw";
LET $pass = "this is a strong password";
SELECT * FROM crypto::scrypt::compare($hash, $pass);
true

crypto::scrypt::generate

The crypto::scrypt::generate function hashes and salts a password using the scrypt hashing algorithm.

crypto::scrypt::generate(value) -> string

The following example shows this function, and its output, when used in a select statement:

SELECT * FROM crypto::scrypt::generate("this is a strong password");
"$scrypt$ln=15,r=8,p=1$8gl7bipl0FELTy46YJOBrw$eRcS1qR22GI8VHo58WOXn9JyfDivGo5yTJFvpDyivuw"