| From: | Raimon Fernandez <coder(at)montx(dot)com> |
|---|---|
| To: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Cc: | <pgsql-general(at)postgresql(dot)org>, "John DeSoi" <desoi(at)pgedit(dot)com> |
| Subject: | Re: MD5 Authentication |
| Date: | 2009-11-06 16:25:58 |
| Message-ID: | 1A57B5B3-AD94-4149-9124-DEAE5A85BFDC@montx.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 06/11/2009, at 14:56, Albe Laurenz wrote:
> Raimon Fernandez wrote:
>>> user: postgres (test values)
>>> psw:postgres (test values)
>
> You mean, "psw: postgre", right?
yes ...
>> Now we have to MD5 this one with the token:
>>
>> 1. 44965a835f81ec252d83961d2cc9f3e1c8c35717C8C35717 (uppercase and
>> lowercase)
>> 2. 44965a835f81ec252d83961d2cc9f3e1c8c35717c8c35717 (lowercase)
>> 3. 44965a835f81ec252d83961d2cc9f3e1c8c35717 + &HC8 + &HC3 +
>> &H57 + &H17
>> 4. ??????????
>
> I think you got confused.
>
> This is the password, MD5-hashed:
>
> SELECT 'md5' || md5('postgrepostgres'::bytea) AS md5pwd;
>
> md5pwd
> -------------------------------------
> md544965a835f81ec252d83961d2cc9f3e1
> (1 row)
>
> Now let's encrypt the part without "md5" it with the four bytes "C8
> C3 57 17" appended:
>
> SELECT 'md5' || md5(E'44965a835f81ec252d83961d2cc9f3e1\\310\\303\
> \127\\027'::bytea) AS double_md5;
>
> double_md5
> -------------------------------------
> md53885077919d80c95b324e9c68e9d7fdc
> (1 row)
>
> That is what psql sends.
>
> You can see all that by looking at the code:
>
> http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-auth.c?rev=1.142
> (function pg_password_sendauth)
thanks for the info, it's working now ...
regards,
raimon
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sam Mason | 2009-11-06 17:08:33 | Re: Search system catalog for mystery type |
| Previous Message | Carlo Stonebanks | 2009-11-06 16:09:23 | Re: Search system catalog for mystery type |