Re: calculating the MD5 hash of role passwords in C

On 1/22/20 10:20 AM, Matthias Apitz wrote:
> 
> Hello,
> 
> If I look into the database I see:
> 
> sisis71=# select rolname, rolpassword from pg_authid where rolname = 'sisis';
>   rolname |             rolpassword
> ---------+-------------------------------------
>   sisis   | md52f128a1fbbecc4b16462e8fc8dda5cd5
> 
> I know the clear text password of the role, it is simple 'sisis123', how
> could I calculate the above MD5 hash from the clear text password, for
> example in C? Which salt is used for the crypt(3) function?

https://www.postgresql.org/docs/12/runtime-config-connection.html

"Because md5 uses the user name as salt on both the client and server, 
md5 cannot be used with db_user_namespace."

~/src/common/md5.c
/*
          * Place salt at the end because it may be known by users 
trying to crack
          * the MD5 output.
          */


So:
select md5('sisis123sisis');
                md5
----------------------------------
  2f128a1fbbecc4b16462e8fc8dda5cd5

> 
> Thanks
> 
>     matthias
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com