Re: md5 hash question (2)
From | Bruce Momjian |
---|---|
Subject | Re: md5 hash question (2) |
Date | |
Msg-id | 200212101905.gBAJ5hR14876@candle.pha.pa.us |
In response to | md5 hash question (2) (Çağıl Şeker <cagils@biznet.com.tr>) |
List | pgsql-general |
Çağıl Şeker wrote:
>
> sorry, but I have another q about that md5 hashing. When I use
> a sniffer on the wire I see md5 hashes of user - probably the
> password hash. But when I compare the password hash with the
> hash on the wire I see they are different. In what format is
> the md5 hash on the wire encoded? I've tried double md5'ing but
> didn't get the right hash.

Ah, so you are snooping. The trick is that a random number is sent to
the client on connection. The client double-MD5 encrypts the
user-supplied password --- once using the username as salt, and secondly
using the random number sent by the server. That way, you can't replay
the sniffed password later to connect to the server.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
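The double hashing described in the message above, as an added example that is not part of the original post and not PostgreSQL's own code. It shows why the sniffed value matches neither the stored hash nor a plain double MD5, and why it fails under a different server salt. The concatenation order, the `md5` prefix and the 4-byte salt follow PostgreSQL's documented MD5 authentication rather than the message itself; the user name, password and salts are constructed.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def stored_hash(username: str, password: str) -> str:
    # First pass: the user name acts as the salt. This is the value kept server-side.
    return "md5" + md5_hex(password.encode() + username.encode())

def wire_response(stored: str, salt: bytes) -> str:
    # Second pass: hash the hex digest again with the per-connection random salt.
    return "md5" + md5_hex(stored[3:].encode() + salt)

def server_verify(stored: str, salt: bytes, response: str) -> bool:
    # The server repeats the second pass with the salt it issued and compares.
    return hmac.compare_digest(wire_response(stored, salt), response)

def demo() -> dict:
    user, password = "alice", "s3cret"  # constructed credentials
    salt_a = b"\x01\x02\x03\x04"        # constructed salt for connection A
    salt_b = b"\xaa\xbb\xcc\xdd"        # constructed salt for connection B
    stored = stored_hash(user, password)
    sniffed = wire_response(stored, salt_a)  # what a sniffer sees on connection A
    # Plain double MD5 of the password, with no user name and no server salt.
    naive = "md5" + md5_hex(md5_hex(password.encode()).encode())
    return {
        "stored": stored,
        "sniffed": sniffed,
        "sniffed_equals_stored": sniffed == stored,
        "naive_double_md5_matches": naive == sniffed,
        "accepted_on_a": server_verify(stored, salt_a, sniffed),
        "replay_accepted_on_b": server_verify(stored, salt_b, sniffed),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```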