Re: MD5 salt

At 11:06 AM -0400 5/29/03, Tom Lane wrote:
>"M. Bastin" <marcbastin@mindspring.com> writes:
>>  However I must be doing something wrong.  This is what I do:
>>  "md5" + MD5( MD5(Password + UserName) + Salt)
>>  Is this a correct interpretation of your explanation?
>
>Looks right to me.  Do you have the MD5 algorithm correct?

I'm using the one provided with my development tool.  Is there some
way I could calculate a MD5 digest with a known good tool and compare
it with my result?

>You might try testing with plain-text password auth method to make sure
>you have the basic Password-message mechanics down, before you go on
>with MD5.

Exactly, that's what I did and it works, so I'm pretty sure there
must be something wrong with the MD5 algorithm I use, (or else I
don't extract the salt properly out of the data stream but I'm quite
sure I've got that covered).

...

Mmmm...  I've just done some testing and my MD5 function gives me 16
bytes instead of 32.  I'll look into this.