Search Postgresql Archives

Re: MD5 password storage - should be the same everywhere?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/25/2015 08:41 PM, Yves Dorfsman wrote:
On 2015-05-25 17:58, Adrian Klaver wrote:
On 05/25/2015 01:41 PM, Francisco Reyes wrote:
On multiple machines, should the MD5 be the same?
using
select rolname, rolpassword,rolcanlogin from pg_catalog.pg_authid where
rolname = 'SomeUser';

Should the MD5 be the same?

I understood that is just a md5 hash of the password and the username with the
string md5 pre-appended, so it should be the same.

On version 9 definitely, as documented:
http://www.postgresql.org/docs/9.3/static/catalog-pg-authid.html

"The MD5 hash will be of the user's password concatenated to their user name.
For example, if user joe has password xyzzy, PostgreSQL will store the md5
hash of xyzzyjoe."


Although I'm surprised it's not seeded, or even using a strong hash, but
that's a different subject.

See here for more detail:

http://www.postgresql.org/docs/9.4/static/protocol-flow.html

AuthenticationMD5Password




--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux