Raimon Fernandez wrote:
> > I'm blocked .......
[...]
> > user: postgres (test values)
> > psw:postgres (test values)
You mean, "psw: postgre", right?
> >
> > first md5("postgrepostgres") ==> 44965A835F81EC252D83961D2CC9F3E1
> >
> > salt: A6B76060
> >
> >
> > second md5("44965A835F81EC252D83961D2CC9F3E1"+"A6B76060") ==>
> > 34F74BEF877202D4399092F97EFE8712
> >
> >
> > send to server: header + length +
> > "md5"+"34F74BEF877202D4399092F97EFE8712" ==> Fatal error, password
> > Authentication failed for user postgres ...
>
> I've created a tcpdump with all information:
>
> server =>
>
> 52 (R)
> 00 00 00 0C (12 length)
> 00 00 00 05 (5 => md5)
> C8 C3 57 17 (token)
>
>
>
> psql sends =>
>
> 70 00 00 00 28 6D 64 35 33 38 38 35 30 37 37 39 31 39 64 38 30 63 39
> 35 62 33 32 34 65 39 63 36 38 65 39 64 37 66 64 63 00 => binary
> p(md53885077919d80c95b324e9c68e9d7fdc => string
>
>
> user: postgres
> psw: postgre
>
> I can't create an identical HASH with those values, because:
>
> the first md5 is easy: 44965a835f81ec252d83961d2cc9f3e1c8c35717
>
> Now we have to MD5 this one with the token:
>
> 1. 44965a835f81ec252d83961d2cc9f3e1c8c35717C8C35717 (uppercase and
> lowercase)
> 2. 44965a835f81ec252d83961d2cc9f3e1c8c35717c8c35717 (lowercase)
> 3. 44965a835f81ec252d83961d2cc9f3e1c8c35717 + &HC8 + &HC3 +
> &H57 + &H17
> 4. ??????????
I think you got confused.
This is the password, MD5-hashed:
SELECT 'md5' || md5('postgrepostgres'::bytea) AS md5pwd;
md5pwd
-------------------------------------
md544965a835f81ec252d83961d2cc9f3e1
(1 row)
Now let's encrypt the part without "md5" it with the four bytes "C8 C3 57 17" appended:
SELECT 'md5' || md5(E'44965a835f81ec252d83961d2cc9f3e1\\310\\303\\127\\027'::bytea) AS double_md5;
double_md5
-------------------------------------
md53885077919d80c95b324e9c68e9d7fdc
(1 row)
That is what psql sends.
You can see all that by looking at the code:
http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-auth.c?rev=1.142
(function pg_password_sendauth)
Yours,
Laurenz Albe
