Re: Algorithm for generating md5 encrypted password not found in documentation

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Derrick Rice <derrick(dot)rice(at)gmail(dot)com>
Cc: Fred Cox <sailorfred(at)yahoo(dot)com>, "pgsql-docs(at)postgresql(dot)org" <pgsql-docs(at)postgresql(dot)org>
Subject: Re: Algorithm for generating md5 encrypted password not found in documentation
Date: 2011-10-27 20:54:20
Message-ID: 201110272054.p9RKsKs18362@momjian.us
Lists: pgsql-docs

Derrick Rice wrote:
> On Thu, Oct 20, 2011 at 9:56 AM, Derrick Rice <derrick(dot)rice(at)gmail(dot)com> wrote:
> > If I recall correctly, it's the username and the password concatenated
> > and md5'd, then "md5" prepended.
> >
> > USER=...
> > PASS=...
> > MD5=`printf '%s' "$USER$PASS" | md5sum | cut -d' ' -f1`
> > echo "md5$MD5"
>
> Figures I send the email then discover a small mistake.
>
> It's password first. So change $USER$PASS to $PASS$USER

We did document this for 9.2:

http://developer.postgresql.org/pgdocs/postgres/protocol-flow.html#AEN92524

AuthenticationMD5Password

The frontend must now send a PasswordMessage containing the password
(with username) encrypted via MD5, then encrypted again using the 4-byte
random salt specified in the AuthenticationMD5Password message. If this
is the correct password, the server responds with an AuthenticationOk,
otherwise it responds with an ErrorResponse. The actual PasswordMessage
can be computed in SQL as concat('md5', md5(concat(md5(concat(password,
username)), random-salt))). (Keep in mind the md5() function returns its
result as a hex string.)

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +
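
An added example (not part of the original message or of the PostgreSQL documentation): the computation quoted above written out in Python, covering the stored value, the client's PasswordMessage, and the server-side check made from the stored value alone. The function names, the sample credentials and salt, and the UTF-8 encoding of the strings are assumptions.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    """md5() as in SQL: the digest rendered as a lowercase hex string."""
    return hashlib.md5(data).hexdigest()


def stored_password(password: str, username: str) -> str:
    """Value the server keeps: 'md5' || md5(password || username).

    Password comes first, and no trailing newline may be hashed.
    Assumption: both strings are encoded as UTF-8.
    """
    return "md5" + md5_hex((password + username).encode("utf-8"))


def password_message(password: str, username: str, salt: bytes) -> str:
    """Client reply to AuthenticationMD5Password carrying a 4-byte salt."""
    if len(salt) != 4:
        raise ValueError("salt must be exactly 4 bytes")
    # The inner hash is used as its 32-character hex string, not raw bytes.
    inner = md5_hex((password + username).encode("utf-8"))
    return "md5" + md5_hex(inner.encode("ascii") + salt)


def server_verify(stored: str, salt: bytes, response: str) -> bool:
    """Server-side check: needs only the stored value, never the cleartext."""
    if not stored.startswith("md5") or len(stored) != 35:
        return False
    expected = "md5" + md5_hex(stored[3:].encode("ascii") + salt)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    user, pw = "alice", "s3cret"        # constructed sample credentials
    salt = bytes.fromhex("0a1b2c3d")    # constructed 4-byte salt
    stored = stored_password(pw, user)
    reply = password_message(pw, user, salt)
    print("stored :", stored)
    print("reply  :", reply)
    print("accept :", server_verify(stored, salt, reply))
    print("wrong salt:", server_verify(stored, b"\x00\x00\x00\x00", reply))
```

Because the second hash is taken over the stored hex string, the stored value is all that is needed to produce a valid reply, so it should be protected like the password itself.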
