On Sat, 6 Sep 2003, Don V. Soledad wrote:
> good day!
>
> is there a way to retrieve a user's decrypted password, just like when i
> issued a "SELECT * FROM pg_shadow;" in the earlier version of postgresql?
Sure, here's the simple method:
1: Generate a list of all possible passwords.
2: Generate an md5 sig for each one.
3: Compare your infinite number of md5 sigs to the one stored for the
user. When they match, you've got the original password, or at least a
password that will work just like the original.
I think the total computer time required to do this is something on the
order of a few thousand years, so it might take a rather large farm of
machines in a cluster to do this.
