Re: MD5 password storage - should be the same everywhere?

From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
To: Yves Dorfsman <yves(at)zioup(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: MD5 password storage - should be the same everywhere?
Date: 2015-05-26 03:57:23
Message-ID: 5563EF23.70206@aklaver.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 05/25/2015 08:41 PM, Yves Dorfsman wrote:
> On 2015-05-25 17:58, Adrian Klaver wrote:
>> On 05/25/2015 01:41 PM, Francisco Reyes wrote:
>>> On multiple machines, should the MD5 be the same?
>>> using
>>> select rolname, rolpassword,rolcanlogin from pg_catalog.pg_authid where
>>> rolname = 'SomeUser';
>>>
>>> Should the MD5 be the same?
>>
>> I understood that is just a md5 hash of the password and the username with the
>> string md5 pre-appended, so it should be the same.
>
> On version 9 definitely, as documented:
> http://www.postgresql.org/docs/9.3/static/catalog-pg-authid.html
>
> "The MD5 hash will be of the user's password concatenated to their user name.
> For example, if user joe has password xyzzy, PostgreSQL will store the md5
> hash of xyzzyjoe."
>
>
> Although I'm surprised it's not seeded, or even using a strong hash, but
> that's a different subject.

See here for more detail:

http://www.postgresql.org/docs/9.4/static/protocol-flow.html

AuthenticationMD5Password

>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Francisco Olarte 2015-05-26 06:42:00 Re: FW: Constraint exclusion in partitions
Previous Message Yves Dorfsman 2015-05-26 03:41:34 Re: MD5 password storage - should be the same everywhere?