Re: MD5 salt

Thanks Tom, You're my hero!

However I must be doing something wrong.  This is what I do:

"md5" + MD5( MD5(Password + UserName) + Salt)

Is this a correct interpretation of your explanation?  (To this I
still need to add the zero byte for termination, isn't it?  That's
what I'm doing now anyway.)


>"M. Bastin" <marcbastin@mindspring.com> writes:
>>  How do I send an MD5 password to pgsql?  (I'm programming my own front-end)
>>  Pgsql provides a 4-byte 'salt', that you must somehow use with your
>>  password for MD5.  The trouble is, I don't know how.
>
>Step 1: compute 32-byte MD5 checksum of cleartext password concatenated
>with username.  (BTW this checksum, with "md5" on the front, is what is
>actually stored in pg_shadow.)
>
>Step 2: compute 32-byte MD5 checksum of the 32-byte result of step 1
>concatenated with the 4-byte salt from the server.  Stick "md5" on the
>front and send it to the server.
>
>            regards, tom lane