Home > mailing lists

Re: MD5 password storage - should be the same everywhere? - Mailing list pgsql-general

From	Yves Dorfsman
Subject	Re: MD5 password storage - should be the same everywhere?
Date	May 26, 2015 06:41:50
Msg-id	5563EB6E.7010309@zioup.com Whole thread Raw
In response to	Re: MD5 password storage - should be the same everywhere? (Adrian Klaver <adrian.klaver@aklaver.com>)
List	pgsql-general

Tree view

On 2015-05-25 17:58, Adrian Klaver wrote:
> On 05/25/2015 01:41 PM, Francisco Reyes wrote:
>> On multiple machines, should the MD5 be the same?
>> using
>> select rolname, rolpassword,rolcanlogin from pg_catalog.pg_authid where
>> rolname = 'SomeUser';
>>
>> Should the MD5 be the same?
>
> I understood that is just a md5 hash of the password and the username with the
> string md5 pre-appended, so it should be the same.

On version 9 definitely, as documented:
http://www.postgresql.org/docs/9.3/static/catalog-pg-authid.html

"The MD5 hash will be of the user's password concatenated to their user name.
For example, if user joe has password xyzzy, PostgreSQL will store the md5
hash of xyzzyjoe."

Although I'm surprised it's not seeded, or even using a strong hash, but
that's a different subject.

--
http://yves.zioup.com
gpg: 4096R/32B0F416

pgsql-general by date:

From: Yves Dorfsman
Date: 26 May 2015, 06:41:48
Subject: Re: MD5 password storage - should be the same everywhere?

From: Adrian Klaver
Date: 26 May 2015, 06:57:35
Subject: Re: MD5 password storage - should be the same everywhere?

Re: MD5 password storage - should be the same everywhere? - Mailing list pgsql-general

Previous

Next