Re: libpq: passwords WAS: scripting & psql issues - Mailing list pgsql-general

From Tom Lane
Subject Re: libpq: passwords WAS: scripting & psql issues
Date
Msg-id 15747.1092926697@sss.pgh.pa.us
In response to Re: libpq: passwords WAS: scripting & psql issues  (Oliver Elphick <olly@lfix.co.uk>)
Responses Re: libpq: passwords WAS: scripting & psql issues
Re: libpq: passwords WAS: scripting & psql issues
List pgsql-general
Oliver Elphick <olly@lfix.co.uk> writes:
> I think the password can't be stored hash-digested because it has to be
> encrypted with a salt established at runtime.  If you could just send
> the same hash-digested password over and over, it would be no more
> secure than a plaintext one.

[ looks at code... ]  The actual algorithm is

    t = md5hash(cleartext_password || username);
    p = md5hash(t || salt);
    transmit p;

where || means string concatenation.  On the server side, t is the value
actually stored in pg_shadow, so it just has to do the second step to
obtain the value to compare to the password message.

In theory we could make libpq accept the password in the form of t
rather than cleartext_password, but I pretty much fail to see the point.

            regards, tom lane
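
Added example, not part of the original message and not PostgreSQL source code: both sides of the exchange described above, showing that a captured p is rejected once the salt changes. It assumes hex-encoded digests and a 4-byte per-connection salt, and leaves out the "md5" prefix PostgreSQL puts on the stored and transmitted strings; the function names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os


def md5hex(data: bytes) -> str:
    # Assumption: digests are handled as lowercase hex strings.
    return hashlib.md5(data).hexdigest()


def stored_value(cleartext_password: str, username: str) -> str:
    """t = md5hash(cleartext_password || username), the pg_shadow value."""
    return md5hex((cleartext_password + username).encode())


def new_salt() -> bytes:
    # Assumption: the server picks a fresh 4-byte salt per connection.
    return os.urandom(4)


def response(t: str, salt: bytes) -> str:
    """p = md5hash(t || salt), the value transmitted."""
    return md5hex(t.encode() + salt)


def server_check(t: str, salt: bytes, p: str) -> bool:
    # The server only performs the second step, then compares.
    return hmac.compare_digest(response(t, salt), p)


def demo(salt_a: bytes, salt_b: bytes) -> dict:
    user, password = "alice", "s3cret-example"  # constructed sample values
    t = stored_value(password, user)             # server side, in pg_shadow
    p = response(stored_value(password, user), salt_a)  # client side
    wrong = response(stored_value("guess", user), salt_a)
    return {
        "accepted": server_check(t, salt_a, p),
        "replayed_under_new_salt": server_check(t, salt_b, p),
        "wrong_password": server_check(t, salt_a, wrong),
        # The username acts as a per-user salt for the stored value.
        "same_password_other_user": stored_value(password, "bob") == t,
    }


if __name__ == "__main__":
    for name, value in demo(new_salt(), new_salt()).items():
        print(f"{name}: {value}")
```

Because the server needs only t to check p, the pg_shadow value serves as the credential for this exchange and should be protected accordingly.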
