On 1/22/20 10:20 AM, Matthias Apitz wrote:
Hello,
If I look into the database I see:
sisis71=# select rolname, rolpassword from pg_authid where rolname = 'sisis';
rolname | rolpassword
---------+-------------------------------------
sisis | md52f128a1fbbecc4b16462e8fc8dda5cd5
I know the clear text password of the role, it is simple 'sisis123', how
could I calculate the above MD5 hash from the clear text password, for
example in C? Which salt is used for the crypt(3) function?
https://www.postgresql.org/docs/12/runtime-config-connection.html
"Because md5 uses the user name as salt on both the client and server,
md5 cannot be used with db_user_namespace."
~/src/common/md5.c
/*
* Place salt at the end because it may be known by users
trying to crack
* the MD5 output.
*/
So:
select md5('sisis123sisis');
md5
----------------------------------
2f128a1fbbecc4b16462e8fc8dda5cd5
Thanks
matthias
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
