Algorithm for generating md5 encrypted password not found in documentation
On http://www.postgresql.org/docs/9.1/interactive/sql-createrole.html there is mention of a possibility of setting a password for a new role by supplying it in md5 format. This format doesn't seem to be documented.
"If the presented password string is already in MD5-encrypted format, then it is stored encrypted as-is"
Looking at pg_dumpall let me know that the string needs to start with "md5" but a naive running if my password through the command line md5 utility and prefixing "md5" was not correct.
If the algorithm is documented elsewhere, can it be linked from this page?
Thanks,
Fred
On Wed, Oct 19, 2011 at 3:04 PM, Fred Cox <sailorfred@yahoo.com> wrote:
On http://www.postgresql.org/docs/9.1/interactive/sql-createrole.html there is mention of a possibility of setting a password for a new role by supplying it in md5 format. This format doesn't seem to be documented.
"If the presented password string is already in MD5-encrypted format, then it is stored encrypted as-is"
Looking at pg_dumpall let me know that the string needs to start with "md5" but a naive running if my password through the command line md5 utility and prefixing "md5" was not correct.
If I recall correctly, it's the username and the password concatenated
and md5'd, then "md5" prepended.
USER=...
PASS=...
MD5=`echo $USER$PASS | md5sum | cut -d' ' -f1`
echo "md5$MD5"
If the algorithm is documented elsewhere, can it be linked from this page?
I don't remember where I figured that out, and I cannot find a
reference in the documentation either. +1 this suggestion.
Derrick
On Thu, Oct 20, 2011 at 9:56 AM, Derrick Rice <derrick.rice@gmail.com> wrote:
If I recall correctly, it's the username and the password concatenated
and md5'd, then "md5" prepended.USER=...
PASS=...
MD5=`echo $USER$PASS | md5sum | cut -d' ' -f1`
echo "md5$MD5"
Figures I send the email then discover a small mistake.
It's password first. So change $USER$PASS to $PASS$USER
Derrick Rice wrote:
On Thu, Oct 20, 2011 at 9:56 AM, Derrick Rice <derrick.rice@gmail.com> wrote:
If I recall correctly, it's the username and the password concatenated
and md5'd, then "md5" prepended.USER=...
PASS=...
MD5=`echo $USER$PASS | md5sum | cut -d' ' -f1`
echo "md5$MD5"Figures I send the email then discover a small mistake.
It's password first. So change $USER$PASS to $PASS$USER
We did document this for 9.2:
http://developer.postgresql.org/pgdocs/postgres/protocol-flow.html#AEN92524
AuthenticationMD5Password
The frontend must now send a PasswordMessage containing the password
(with username) encrypted via MD5, then encrypted again using the 4-byte
random salt specified in the AuthenticationMD5Password message. If this
is the correct password, the server responds with an AuthenticationOk,
otherwise it responds with an ErrorResponse. The actual PasswordMessage
can be computed in SQL as concat('md5', md5(concat(md5(concat(password,
username)), random-salt))). (Keep in mind the md5() function returns its
result as a hex string.)
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +