Re: MD5 Authentication

"Albe Laurenz" <laurenz.albe@xxxxxxxxxx> · Fri, 6 Nov 2009 14:56:51 +0100

Raimon Fernandez wrote:
> > I'm blocked .......
[...]
> > user: postgres (test values)
> > psw:postgres (test values)

You mean, "psw: postgre", right?

> >
> > first md5("postgrepostgres") ==> 44965A835F81EC252D83961D2CC9F3E1
> >
> > salt: A6B76060
> >
> >
> > second md5("44965A835F81EC252D83961D2CC9F3E1"+"A6B76060") ==>   
> > 34F74BEF877202D4399092F97EFE8712
> >
> >
> > send to server:  header + length +  
> > "md5"+"34F74BEF877202D4399092F97EFE8712" ==> Fatal error, password  
> > Authentication failed for user postgres ...
> 
> I've created a tcpdump with all information:
> 
> server =>
> 
> 52 (R)
> 00 00 00 0C (12 length)
> 00 00 00 05 (5 => md5)
> C8 C3 57 17 (token)
> 
> 
> 
> psql sends =>
> 
> 70 00 00 00 28 6D 64 35 33 38 38 35 30 37 37 39 31 39 64 38 30 63 39  
> 35 62 33 32 34 65 39 63 36 38 65 39 64 37 66 64 63 00 => binary
> p(md53885077919d80c95b324e9c68e9d7fdc => string
> 
> 
> user: postgres
> psw: postgre
> 
> I can't create an identical HASH with those values, because:
> 
> the first md5 is easy:  44965a835f81ec252d83961d2cc9f3e1c8c35717
> 
> Now we have to MD5 this one with the token:
> 
> 1. 44965a835f81ec252d83961d2cc9f3e1c8c35717C8C35717 (uppercase and  
> lowercase)
> 2. 44965a835f81ec252d83961d2cc9f3e1c8c35717c8c35717 (lowercase)
> 3. 44965a835f81ec252d83961d2cc9f3e1c8c35717 + &HC8 + &HC3 + 
> &H57 + &H17
> 4. ??????????

I think you got confused.

This is the password, MD5-hashed:

SELECT 'md5' || md5('postgrepostgres'::bytea) AS md5pwd;

               md5pwd                
-------------------------------------
 md544965a835f81ec252d83961d2cc9f3e1
(1 row)

Now let's encrypt the part without "md5" it with the four bytes "C8 C3 57 17" appended:

SELECT 'md5' || md5(E'44965a835f81ec252d83961d2cc9f3e1\\310\\303\\127\\027'::bytea) AS double_md5;

             double_md5              
-------------------------------------
 md53885077919d80c95b324e9c68e9d7fdc
(1 row)

That is what psql sends.

You can see all that by looking at the code:

http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-auth.c?rev=1.142
(function pg_password_sendauth)

Yours,
Laurenz Albe

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general