On Fri, Nov 6, 2009 at 9:58 AM, Raimon Fernandez <coder@xxxxxxxxx> wrote: > > On 06/11/2009, at 8:48, Raimon Fernandez wrote: > >> I'm blocked ....... >> >> >> On 06/11/2009, at 6:27, John DeSoi wrote: >> >>> >>> On Nov 5, 2009, at 12:35 PM, Raimon Fernandez wrote: >>> >>>> at least, my first md5 (psw+user) is the same as the pg_shadow (wihtout >>>> the 'md5') ... >>>> >>>> should I md5 the first md5 as I get it as string (like username) or byte >>>> by byte ? >>> >>> As far as I know, a string. But it is unclear to me what happens when the >>> user or database name has non-ascii characters. The client encoding is not >>> established until after authentication. >>> >>> I asked about that a while ago but did not get any responses. >> >> After reading all the emails about it, I'm blocked, maybe someone can see >> where the error is and shade some light on it ... >> >> user: postgres (test values) >> psw:postgres (test values) >> >> first md5("postgrepostgres") ==> 44965A835F81EC252D83961D2CC9F3E1 >> >> salt: A6B76060 >> >> >> second md5("44965A835F81EC252D83961D2CC9F3E1"+"A6B76060") ==> >> 34F74BEF877202D4399092F97EFE8712 >> >> >> send to server: header + length + >> "md5"+"34F74BEF877202D4399092F97EFE8712" ==> Fatal error, password >> Authentication failed for user postgres ... > > I've created a tcpdump with all information: > > server => > > 52 (R) > 00 00 00 0C (12 length) > 00 00 00 05 (5 => md5) > C8 C3 57 17 (token) > > > > psql sends => > > 70 00 00 00 28 6D 64 35 33 38 38 35 30 37 37 39 31 39 64 38 30 63 39 35 62 > 33 32 34 65 39 63 36 38 65 39 64 37 66 64 63 00 => binary > p (md53885077919d80c95b324e9c68e9d7fdc => string > > > user: postgres > psw: postgre > > I can't create an identical HASH with those values, because: > > the first md5 is easy: 44965a835f81ec252d83961d2cc9f3e1c8c35717 > > Now we have to MD5 this one with the token: > > 1. 44965a835f81ec252d83961d2cc9f3e1c8c35717C8C35717 (uppercase and > lowercase) > 2. 44965a835f81ec252d83961d2cc9f3e1c8c35717c8c35717 (lowercase) > 3. 44965a835f81ec252d83961d2cc9f3e1c8c35717 + &HC8 + &HC3 + &H57 + &H17 > 4. ?????????? > > wich one is the correct ? > md5("44965a835f81ec252d83961d2cc9f3e1" + &HC8 + &HC3 + &H57 + &H17) in python: >>> hashlib.md5('44965a835f81ec252d83961d2cc9f3e1' + '\xc8\xc3\x57\x17').hexdigest() '3885077919d80c95b324e9c68e9d7fdc' -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general