From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | Yves Dorfsman <yves(at)zioup(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: MD5 password storage - should be the same everywhere? |
Date: | 2015-05-26 03:57:23 |
Message-ID: | 5563EF23.70206@aklaver.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 05/25/2015 08:41 PM, Yves Dorfsman wrote:
> On 2015-05-25 17:58, Adrian Klaver wrote:
>> On 05/25/2015 01:41 PM, Francisco Reyes wrote:
>>> On multiple machines, should the MD5 be the same?
>>> using
>>> select rolname, rolpassword,rolcanlogin from pg_catalog.pg_authid where
>>> rolname = 'SomeUser';
>>>
>>> Should the MD5 be the same?
>>
>> I understood that is just a md5 hash of the password and the username with the
>> string md5 pre-appended, so it should be the same.
>
> On version 9 definitely, as documented:
> http://www.postgresql.org/docs/9.3/static/catalog-pg-authid.html
>
> "The MD5 hash will be of the user's password concatenated to their user name.
> For example, if user joe has password xyzzy, PostgreSQL will store the md5
> hash of xyzzyjoe."
>
>
> Although I'm surprised it's not seeded, or even using a strong hash, but
> that's a different subject.
See here for more detail:
http://www.postgresql.org/docs/9.4/static/protocol-flow.html
AuthenticationMD5Password
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | Francisco Olarte | 2015-05-26 06:42:00 | Re: FW: Constraint exclusion in partitions |
Previous Message | Yves Dorfsman | 2015-05-26 03:41:34 | Re: MD5 password storage - should be the same everywhere? |