Re: MD5 salt

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "M(dot) Bastin" <marcbastin(at)mindspring(dot)com>
Cc: pgsql-novice <pgsql-novice(at)postgresql(dot)org>
Subject: Re: MD5 salt
Date: 2003-05-29 14:04:50
Message-ID: 17314.1054217090@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

"M. Bastin" <marcbastin(at)mindspring(dot)com> writes:
> How do I send an MD5 password to pgsql? (I'm programming my own front-end)
> Pgsql provides a 4-byte 'salt', that you must somehow use with your
> password for MD5. The trouble is, I don't know how.

Step 1: compute 32-byte MD5 checksum of cleartext password concatenated
with username. (BTW this checksum, with "md5" on the front, is what is
actually stored in pg_shadow.)

Step 2: compute 32-byte MD5 checksum of the 32-byte result of step 1
concatenated with the 4-byte salt from the server. Stick "md5" on the
front and send it to the server.

regards, tom lane

In response to

  • MD5 salt at 2003-05-29 11:10:53 from M. Bastin

Responses

Browse pgsql-novice by date

  From Date Subject
Next Message M. Bastin 2003-05-29 14:11:49 OIDs of data types
Previous Message Bruno Wolff III 2003-05-29 11:16:59 Re: + operator with a possible NULL operand