| From: | "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com> |
|---|---|
| To: | "Don V(dot) Soledad" <don(dot)soledad(at)uratex(dot)com(dot)ph> |
| Cc: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: decrypted pwd |
| Date: | 2003-09-08 14:53:26 |
| Message-ID: | Pine.LNX.4.33.0309080851460.11416-100000@css120.ihs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Sat, 6 Sep 2003, Don V. Soledad wrote:
> good day!
>
> is there a way to retrieve a user's decrypted password, just like when i
> issued a "SELECT * FROM pg_shadow;" in the earlier version of postgresql?
Sure, here's the simple method:
1: Generate a list of all possible passwords.
2: Generate an md5 sig for each one.
3: Compare your infinite number of md5 sigs to the one stored for the
user. When they match, you've got the original password, or at least a
password that will work just like the original.
I think the total computer time required to do this is something on the
order of a few thousand years, so it might take a rather large farm of
machines in a cluster to do this.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-09-08 15:02:40 | Re: SRF question |
| Previous Message | Ian Warford | 2003-09-08 14:30:27 | PL/PerlU problems executing other scripts |