Re: Algorithm for generating md5 encrypted password not found in documentation

Derrick Rice wrote:
> On Thu, Oct 20, 2011 at 9:56 AM, Derrick Rice <derrick.rice@gmail.com> wrote:
> > If I recall correctly, it's the username and the password concatenated
> > and md5'd, then "md5" prepended.
> >
> > USER=...
> > PASS=...
> > MD5=`echo $USER$PASS | md5sum | cut -d' ' -f1`
> > echo "md5$MD5"
>
> Figures I send the email then discover a small mistake.
>
> It's password first.  So change $USER$PASS to $PASS$USER

We did document this for 9.2:

    http://developer.postgresql.org/pgdocs/postgres/protocol-flow.html#AEN92524

    AuthenticationMD5Password

        The frontend must now send a PasswordMessage containing the password
    (with username) encrypted via MD5, then encrypted again using the 4-byte
    random salt specified in the AuthenticationMD5Password message. If this
    is the correct password, the server responds with an AuthenticationOk,
    otherwise it responds with an ErrorResponse. The actual PasswordMessage
    can be computed in SQL as concat('md5', md5(concat(md5(concat(password,
    username)), random-salt))). (Keep in mind the md5() function returns its
    result as a hex string.)

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +