Re: libpq: passwords WAS: scripting & psql issues
From | Tom Lane |
---|---|
Subject | Re: libpq: passwords WAS: scripting & psql issues |
Date | |
Msg-id | 15747.1092926697@sss.pgh.pa.us |
In reply to | Re: libpq: passwords WAS: scripting & psql issues (Oliver Elphick <olly@lfix.co.uk>) |
Responses | Re: libpq: passwords WAS: scripting & psql issues; Re: libpq: passwords WAS: scripting & psql issues |
List | pgsql-general |

Oliver Elphick <olly@lfix.co.uk> writes:

> I think the password can't be stored hash-digested because it has to be
> encrypted with a salt established at runtime. If you could just send
> the same hash-digested password over and over, it would be no more
> secure than a plaintext one.

[ looks at code... ] The actual algorithm is

    t = md5hash(cleartext_password || username);
    p = md5hash(t || salt);
    transmit p;

where || means string concatenation. On the server side, t is the value actually stored in pg_shadow, so it just has to do the second step to obtain the value to compare to the password message.

In theory we could make libpq accept the password in the form of t rather than cleartext_password, but I pretty much fail to see the point.

regards, tom lane
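
The two-step scheme described in the message, with both the client and the server side, as an added example that is not part of the original message or of the PostgreSQL source. The function names, the hex encoding of t, the 4-byte salts and the sample credentials are assumptions of this sketch.

```python
import hashlib
import hmac


def md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_value(cleartext_password: str, username: str) -> str:
    """t = md5hash(cleartext_password || username): the value kept server-side."""
    return md5hex((cleartext_password + username).encode())


def response_from_t(t: str, salt: bytes) -> str:
    """p = md5hash(t || salt): the value transmitted for one connection."""
    return md5hex(t.encode() + salt)


def client_response(cleartext_password: str, username: str, salt: bytes) -> str:
    # The client performs both steps, starting from the cleartext password.
    return response_from_t(stored_value(cleartext_password, username), salt)


def server_verify(t_stored: str, salt: bytes, p: str) -> bool:
    # The server only performs the second step on the stored t and compares.
    return hmac.compare_digest(response_from_t(t_stored, salt), p)


def demo() -> dict:
    user, password = "alice", "correct horse"  # constructed sample credentials
    salt1, salt2 = b"\x01\x02\x03\x04", b"\xaa\xbb\xcc\xdd"  # constructed salts
    t = stored_value(password, user)
    p1 = client_response(password, user, salt1)
    p2 = client_response(password, user, salt2)
    return {
        "accepts_fresh_response": server_verify(t, salt1, p1),
        "rejects_response_under_other_salt": not server_verify(t, salt2, p1),
        "response_differs_per_salt": p1 != p2,
        # Step two needs only t, which is why libpq could accept t directly.
        "t_alone_yields_same_response": response_from_t(t, salt1) == p1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the second step depends only on t and the salt, the stored value works as the credential for this exchange, so the table holding it needs the same protection as cleartext passwords.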