Search Postgresql Archives

Re: MD5 Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Nov 6, 2009 at 9:58 AM, Raimon Fernandez <coder@xxxxxxxxx> wrote:
>
> On 06/11/2009, at 8:48, Raimon Fernandez wrote:
>
>> I'm blocked .......
>>
>>
>> On 06/11/2009, at 6:27, John DeSoi wrote:
>>
>>>
>>> On Nov 5, 2009, at 12:35 PM, Raimon Fernandez wrote:
>>>
>>>> at least, my first md5 (psw+user) is the same as the pg_shadow (wihtout
>>>> the 'md5') ...
>>>>
>>>> should I md5 the first md5 as I get it as string (like username) or byte
>>>> by byte ?
>>>
>>> As far as I know, a string. But it is unclear to me what happens when the
>>> user or database name has non-ascii characters. The client encoding is not
>>> established until after authentication.
>>>
>>> I asked about that a while ago but did not get any responses.
>>
>> After reading all the emails about it, I'm blocked, maybe someone can see
>> where the error is and shade some light on it ...
>>
>> user: postgres (test values)
>> psw:postgres (test values)
>>
>> first md5("postgrepostgres") ==> 44965A835F81EC252D83961D2CC9F3E1
>>
>> salt: A6B76060
>>
>>
>> second md5("44965A835F81EC252D83961D2CC9F3E1"+"A6B76060") ==>
>>  34F74BEF877202D4399092F97EFE8712
>>
>>
>> send to server:  header + length +
>> "md5"+"34F74BEF877202D4399092F97EFE8712" ==> Fatal error, password
>> Authentication failed for user postgres ...
>
> I've created a tcpdump with all information:
>
> server =>
>
> 52 (R)
> 00 00 00 0C (12 length)
> 00 00 00 05 (5 => md5)
> C8 C3 57 17 (token)
>
>
>
> psql sends =>
>
> 70 00 00 00 28 6D 64 35 33 38 38 35 30 37 37 39 31 39 64 38 30 63 39 35 62
> 33 32 34 65 39 63 36 38 65 39 64 37 66 64 63 00 => binary
> p   (md53885077919d80c95b324e9c68e9d7fdc  => string
>
>
> user: postgres
> psw: postgre
>
> I can't create an identical HASH with those values, because:
>
> the first md5 is easy:  44965a835f81ec252d83961d2cc9f3e1c8c35717
>
> Now we have to MD5 this one with the token:
>
> 1. 44965a835f81ec252d83961d2cc9f3e1c8c35717C8C35717 (uppercase and
> lowercase)
> 2. 44965a835f81ec252d83961d2cc9f3e1c8c35717c8c35717 (lowercase)
> 3. 44965a835f81ec252d83961d2cc9f3e1c8c35717 + &HC8 + &HC3 + &H57 + &H17
> 4. ??????????
>
> wich one is the correct ?
>

md5("44965a835f81ec252d83961d2cc9f3e1" + &HC8 + &HC3 + &H57 + &H17)

in python:

>>> hashlib.md5('44965a835f81ec252d83961d2cc9f3e1' + '\xc8\xc3\x57\x17').hexdigest()
'3885077919d80c95b324e9c68e9d7fdc'

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux