Re: MD5 password storage - should be the same everywhere?

From: Yves Dorfsman <yves(at)zioup(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: MD5 password storage - should be the same everywhere?
Date: 2015-05-26 03:41:34
Message-ID: 5563EB6E.7010309@zioup.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 2015-05-25 17:58, Adrian Klaver wrote:
> On 05/25/2015 01:41 PM, Francisco Reyes wrote:
>> On multiple machines, should the MD5 be the same?
>> using
>> select rolname, rolpassword,rolcanlogin from pg_catalog.pg_authid where
>> rolname = 'SomeUser';
>>
>> Should the MD5 be the same?
>
> I understood that is just a md5 hash of the password and the username with the
> string md5 pre-appended, so it should be the same.

On version 9 definitely, as documented:
http://www.postgresql.org/docs/9.3/static/catalog-pg-authid.html

"The MD5 hash will be of the user's password concatenated to their user name.
For example, if user joe has password xyzzy, PostgreSQL will store the md5
hash of xyzzyjoe."

Although I'm surprised it's not seeded, or even using a strong hash, but
that's a different subject.

--
http://yves.zioup.com
gpg: 4096R/32B0F416

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Adrian Klaver 2015-05-26 03:57:23 Re: MD5 password storage - should be the same everywhere?
Previous Message Adrian Klaver 2015-05-25 23:58:42 Re: MD5 password storage - should be the same everywhere?