| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Matthias Apitz <guru(at)unixarea(dot)de>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: calculating the MD5 hash of role passwords in C |
| Date: | 2020-01-22 18:35:49 |
| Message-ID: | fd454da1-72ad-da91-4349-e7cb5f3572f0@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 1/22/20 10:20 AM, Matthias Apitz wrote:
>
> Hello,
>
> If I look into the database I see:
>
> sisis71=# select rolname, rolpassword from pg_authid where rolname = 'sisis';
> rolname | rolpassword
> ---------+-------------------------------------
> sisis | md52f128a1fbbecc4b16462e8fc8dda5cd5
>
> I know the clear text password of the role, it is simple 'sisis123', how
> could I calculate the above MD5 hash from the clear text password, for
> example in C? Which salt is used for the crypt(3) function?
https://www.postgresql.org/docs/12/runtime-config-connection.html
"Because md5 uses the user name as salt on both the client and server,
md5 cannot be used with db_user_namespace."
~/src/common/md5.c
/*
* Place salt at the end because it may be known by users
trying to crack
* the MD5 output.
*/
So:
select md5('sisis123sisis');
md5
----------------------------------
2f128a1fbbecc4b16462e8fc8dda5cd5
>
> Thanks
>
> matthias
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christoph Moench-Tegeder | 2020-01-22 18:58:47 | Re: calculating the MD5 hash of role passwords in C |
| Previous Message | Matthias Apitz | 2020-01-22 18:20:36 | calculating the MD5 hash of role passwords in C |