Re: md5 again - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: md5 again
Msg-id 200007111500.LAA03436@candle.pha.pa.us
In response to md5 again  (Vince Vielhaber <vev@michvhf.com>)
Responses Re: md5 again  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
> direction    what
> ----------------------------------------------
> CL -> PG    username
> PG -> CL    random salt
> CL -> PG    plaintext passwd
> 
> 
> CL -> PG    username
> PG -> CL    user salt 
^^^^^^^^^^^^^^^^^^^^^^^^^
> PG -> CL    random salt
> CL -> PG    encrypted passwd
> 


MD5(MD5(username+user_salt)+random_salt)

Postmaster takes its pg_shadow MD5(username+user_salt) and does another
MD5 with the random salt and compares it with what was sent from the
client.

If the connection is defined as requiring crypt or password, only this
MD5 method can be used.  If trusted is defined, cleartext passwords can
be accepted.

Don't bother encrypting the username.  No security is gained.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
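
The exchange described in the message above, with both sides, as an added example that is not part of the original post or of PostgreSQL's code. The `Postmaster` class, the function names and the hex-text salts are hypothetical; the inner input is passed in as `secret`, which is an assumption (the message writes `username+user_salt`).

```python
import hashlib
import hmac
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def shadow_entry(secret: str, user_salt: str) -> str:
    """Inner hash kept in pg_shadow (salts as hex text is an assumption)."""
    return md5_hex(secret + user_salt)


def response(inner: str, random_salt: str) -> str:
    """Outer hash sent on the wire: MD5(inner + random_salt)."""
    return md5_hex(inner + random_salt)


class Postmaster:  # hypothetical stand-in for the server side
    def __init__(self):
        self.pg_shadow = {}  # username -> (user_salt, inner hash)
        self.pending = {}    # username -> random salt awaiting a reply

    def create_user(self, username: str, secret: str) -> None:
        user_salt = secrets.token_hex(8)
        self.pg_shadow[username] = (user_salt, shadow_entry(secret, user_salt))

    def challenge(self, username: str):
        """PG -> CL: user salt, then a fresh random salt for this connection."""
        user_salt, _ = self.pg_shadow[username]
        self.pending[username] = secrets.token_hex(8)
        return user_salt, self.pending[username]

    def verify(self, username: str, client_response: str) -> bool:
        """Hash the stored value with the random salt and compare."""
        random_salt = self.pending.pop(username, None)  # single use
        if random_salt is None:
            return False
        _, inner = self.pg_shadow[username]
        return hmac.compare_digest(response(inner, random_salt), client_response)


def client_login(pm: Postmaster, username: str, secret: str) -> bool:
    """CL side: derive the inner hash locally, answer the challenge."""
    user_salt, random_salt = pm.challenge(username)
    return pm.verify(username, response(shadow_entry(secret, user_salt), random_salt))
```

Because the random salt is issued per connection and consumed on first use, a response recorded from one connection does not verify against a later challenge.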
 

