Re: MD5 password storage - should be the same everywhere? - Mailing list pgsql-general

From Adrian Klaver
Subject Re: MD5 password storage - should be the same everywhere?
Date
Msg-id 5563EF23.70206@aklaver.com
In response to Re: MD5 password storage - should be the same everywhere?  (Yves Dorfsman <yves@zioup.com>)
List pgsql-general
On 05/25/2015 08:41 PM, Yves Dorfsman wrote:
> On 2015-05-25 17:58, Adrian Klaver wrote:
>> On 05/25/2015 01:41 PM, Francisco Reyes wrote:
>>> On multiple machines, should the MD5 be the same?
>>> using
>>> select rolname, rolpassword,rolcanlogin from pg_catalog.pg_authid where
>>> rolname = 'SomeUser';
>>>
>>> Should the MD5 be the same?
>>
>> I understood that is just an md5 hash of the password and the username with the
>> string md5 pre-appended, so it should be the same.
>
> On version 9 definitely, as documented:
> http://www.postgresql.org/docs/9.3/static/catalog-pg-authid.html
>
> "The MD5 hash will be of the user's password concatenated to their user name.
> For example, if user joe has password xyzzy, PostgreSQL will store the md5
> hash of xyzzyjoe."
>
>
> Although I'm surprised it's not seeded, or even using a strong hash, but
> that's a different subject.

See here for more detail:

http://www.postgresql.org/docs/9.4/static/protocol-flow.html

AuthenticationMD5Password

>


--
Adrian Klaver
adrian.klaver@aklaver.com
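
The scheme discussed in this thread, as an added Python example that is not part of the original messages or PostgreSQL's own code: it computes the value stored in `pg_authid.rolpassword` and the response a client sends to AuthenticationMD5Password, as the two linked documentation pages describe. The function names are hypothetical, the password is assumed to be UTF-8 encoded, and the salts are constructed sample values.

```python
import hashlib
import hmac


def pg_md5_stored(password: str, username: str) -> str:
    """Value kept in pg_authid.rolpassword for an MD5 password:
    the literal string 'md5' followed by hex md5(password || username)."""
    # Assumption: the password bytes are UTF-8.
    inner = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + inner


def pg_md5_wire_response(password: str, username: str, salt: bytes) -> str:
    """Client reply to AuthenticationMD5Password:
    'md5' + hex md5( hex md5(password || username) || salt )."""
    if len(salt) != 4:
        raise ValueError("the server sends a 4-byte salt")
    inner_hex = pg_md5_stored(password, username)[3:].encode("ascii")
    return "md5" + hashlib.md5(inner_hex + salt).hexdigest()


def same_rolpassword(value_a: str, value_b: str) -> bool:
    """Compare rolpassword values read from two servers."""
    for value in (value_a, value_b):
        if not (value.startswith("md5") and len(value) == 35):
            raise ValueError("not an MD5-format rolpassword value")
    return hmac.compare_digest(value_a, value_b)


if __name__ == "__main__":
    # The documentation's example: user joe, password xyzzy -> md5 of "xyzzyjoe".
    server_a = pg_md5_stored("xyzzy", "joe")
    server_b = pg_md5_stored("xyzzy", "joe")
    print("joe on server A:", server_a)
    print("same on server B:", same_rolpassword(server_a, server_b))

    # The user name is the only per-role input, so a different role with the
    # same password stores a different value.
    print("different role, same password:",
          same_rolpassword(server_a, pg_md5_stored("xyzzy", "jane")))

    # The random salt applies only to the login exchange, not to storage.
    for salt in (b"\x01\x02\x03\x04", b"\xaa\xbb\xcc\xdd"):  # constructed salts
        print(salt.hex(), pg_md5_wire_response("xyzzy", "joe", salt))
```
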

