Re: MD5 salt

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: "M. Bastin" <marcbastin@mindspring.com>
Cc: pgsql-novice <pgsql-novice@postgresql.org>
Date: 2003-05-29T15:48:02Z
Lists: pgsql-novice
"M. Bastin" <marcbastin@mindspring.com> writes:
>> Looks right to me.  Do you have the MD5 algorithm correct?

> I'm using the one provided with my development tool.  Is there some 
> way I could calculate a MD5 digest with a known good tool and compare 
> it with my result?

Well, you could compute just MD5(Password + User) and compare that to
what's stored in pg_shadow.  Another possibility is to add some
debugging printouts to libpq and see what it computes (look at 
pg_password_sendauth() in src/interfaces/libpq/fe-auth.c).

It could be something silly like including trailing nulls into what's
processed by MD5 --- I'm pretty sure you should *not* do that, for
either password or user name.

			regards, tom lane