| From: | "M(dot) Bastin" <marcbastin(at)mindspring(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-novice <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: MD5 salt |
| Date: | 2003-05-29 14:49:59 |
| Message-ID: | a05210607bafbcca4072d@[213.224.115.34] |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Thanks Tom, You're my hero!
However I must be doing something wrong. This is what I do:
"md5" + MD5( MD5(Password + UserName) + Salt)
Is this a correct interpretation of your explanation? (To this I
still need to add the zero byte for termination, isn't it? That's
what I'm doing now anyway.)
>"M. Bastin" <marcbastin(at)mindspring(dot)com> writes:
>> How do I send an MD5 password to pgsql? (I'm programming my own front-end)
>> Pgsql provides a 4-byte 'salt', that you must somehow use with your
>> password for MD5. The trouble is, I don't know how.
>
>Step 1: compute 32-byte MD5 checksum of cleartext password concatenated
>with username. (BTW this checksum, with "md5" on the front, is what is
>actually stored in pg_shadow.)
>
>Step 2: compute 32-byte MD5 checksum of the 32-byte result of step 1
>concatenated with the 4-byte salt from the server. Stick "md5" on the
>front and send it to the server.
>
> regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-05-29 14:52:35 | Re: OIDs of data types |
| Previous Message | Crombleholme, Roy | 2003-05-29 14:19:15 | pg_stat_database |