Re: MD5 salt

"M. Bastin" <marcbastin@mindspring.com> writes:
>> Looks right to me.  Do you have the MD5 algorithm correct?

> I'm using the one provided with my development tool.  Is there some
> way I could calculate a MD5 digest with a known good tool and compare
> it with my result?

Well, you could compute just MD5(Password + User) and compare that to
what's stored in pg_shadow.  Another possibility is to add some
debugging printouts to libpq and see what it computes (look at
pg_password_sendauth() in src/interfaces/libpq/fe-auth.c).

It could be something silly like including trailing nulls into what's
processed by MD5 --- I'm pretty sure you should *not* do that, for
either password or user name.

            regards, tom lane