Re: MD5 salt
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: "M. Bastin" <marcbastin@mindspring.com>
Cc: pgsql-novice <pgsql-novice@postgresql.org>
Date: 2003-05-29T15:48:02Z
Lists: pgsql-novice
"M. Bastin" <marcbastin@mindspring.com> writes: >> Looks right to me. Do you have the MD5 algorithm correct? > I'm using the one provided with my development tool. Is there some > way I could calculate a MD5 digest with a known good tool and compare > it with my result? Well, you could compute just MD5(Password + User) and compare that to what's stored in pg_shadow. Another possibility is to add some debugging printouts to libpq and see what it computes (look at pg_password_sendauth() in src/interfaces/libpq/fe-auth.c). It could be something silly like including trailing nulls into what's processed by MD5 --- I'm pretty sure you should *not* do that, for either password or user name. regards, tom lane