MD5 passwords explained (was Re: md5 hash question (2)) - Mailing list pgsql-general

From Magnus Naeslund(f)
Subject MD5 passwords explained (was Re: md5 hash question (2))
Date
Msg-id 00ee01c2a032$6a9df160$f80c0a0a@mnd
Whole thread Raw
In response to md5 hash question (2)  (Çağıl Şeker <cagils@biznet.com.tr>)
Responses Re: MD5 passwords explained (was Re: md5 hash question (2))  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-general
Çagil Seker <cagils@biznet.com.tr> wrote:
> sorry, but I have another q about that md5 hashing. When I use a
> sniffer on the wire I see md5 hashes of user - probably the password
> hash. But when I compare the password hash with the hash on the wire
> I see they are different. In what format is the md5 hash on the wire
> encoded? I've tried double md5'ing but didn't get the right hash.
>

There seems to be some confusion regarding the md5 authentication method
used in postgresql, and i thought it might be good if i typed this
message so that it can be referred to if anyone asks these questions
again.

Someone will surely correct me if i'm wrong :)

The password in the database is stored like this:

md5passwd = "md5"+md5(cleartxtpasswd+user);

When connecting and authenticating  this happens:

The server generates a random salt  (nonce) and sends it to the client.

md5salt = 4 random chars

The client then does this:

md5hash = md5(md5(cleartxtpasswd+user)+md5salt)

and sends it to the server.

The server then does the same on it's side and compares the result with
the hash gotten from the client. If they match the password is correct.

This is standard MAC / shared secret stuff.

It's done do avoid sending clear text passwords (or even the stored md5
password, to prevent brute force cracking) over the wire.

Regards
Magnus


pgsql-general by date:

Previous
From: Lincoln Yeoh
Date:
Subject: Full text indexing - Burrows-Wheeler + suffix arrays
Next
From: Çağıl Şeker
Date:
Subject: Re: MD5 passwords explained (was Re: md5 hash question (2))