Re: calculating the MD5 hash of role passwords in C

El día miércoles, enero 22, 2020 a las 07:58:47p. m. +0100, Christoph Moench-Tegeder escribió:

> ## Matthias Apitz (guru(at)unixarea(dot)de):
>
> > sisis71=# select rolname, rolpassword from pg_authid where rolname = 'sisis';
> > rolname | rolpassword
> > ---------+-------------------------------------
> > sisis | md52f128a1fbbecc4b16462e8fc8dda5cd5
> >
> > I know the clear text password of the role, it is simple 'sisis123', how
> > could I calculate the above MD5 hash from the clear text password, for
> > example in C? Which salt is used for the crypt(3) function?
>
> The documentation on pg_authid has the details:
> "The MD5 hash will be of the user's password concatenated to their user name."
> https://www.postgresql.org/docs/12/catalog-pg-authid.html

Thanks to all who replied.

This is still not exactly what I was looking for. But has an interesting
detail (salting the role password by adding the role name to it). An
implementation with UNIX crypt(3) for MD5 would need an additional salt
like '$1$salt' to encrypt 'sisis123sisis'. For sure the next place to
look is the implementation of the PostgreSQL's md5() function.

Thanks again

matthias

--
Matthias Apitz, ✉ guru(at)unixarea(dot)de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

Deutschland raus aus der NATO! NATO raus aus Deutschland! Frieden mit Russland!
Germany out of NATO! NATO out of Germany! Peace with Russia!
¡Alemania fuera de OTAN! ¡OTAN fuera de Alemania! ¡Paz con Rusia!