| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "M(dot) Bastin" <marcbastin(at)mindspring(dot)com> |
| Cc: | pgsql-novice <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: MD5 salt |
| Date: | 2003-05-29 15:48:02 |
| Message-ID: | 18153.1054223282@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
"M. Bastin" <marcbastin(at)mindspring(dot)com> writes:
>> Looks right to me. Do you have the MD5 algorithm correct?
> I'm using the one provided with my development tool. Is there some
> way I could calculate a MD5 digest with a known good tool and compare
> it with my result?
Well, you could compute just MD5(Password + User) and compare that to
what's stored in pg_shadow. Another possibility is to add some
debugging printouts to libpq and see what it computes (look at
pg_password_sendauth() in src/interfaces/libpq/fe-auth.c).
It could be something silly like including trailing nulls into what's
processed by MD5 --- I'm pretty sure you should *not* do that, for
either password or user name.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chad Thompson | 2003-05-29 16:18:51 | Rumblings of 7.4 |
| Previous Message | M. Bastin | 2003-05-29 15:40:30 | Re: MD5 salt |