Oliver Elphick <olly@lfix.co.uk> writes:
> I think the password can't be stored hash-digested because it has to be
> encrypted with a salt established at runtime. If you could just send
> the same hash-digested password over and over, it would be no more
> secure than a plaintext one.
[ looks at code... ] The actual algorithm is
t = md5hash(cleartext_password || username);
p = md5hash(t || salt);
transmit p;
where || means string concatenation. On the server side, t is the value
actually stored in pg_shadow, so it just has to do the second step to
obtain the value to compare to the password message.
In theory we could make libpq accept the password in the form of t
rather than cleartext_password, but I pretty much fail to see the point.
regards, tom lane