Re: MD5 password storage - should be the same everywhere?

On 2015-05-25 17:58, Adrian Klaver wrote:
> On 05/25/2015 01:41 PM, Francisco Reyes wrote:
>> On multiple machines, should the MD5 be the same?
>> using
>> select rolname, rolpassword,rolcanlogin from pg_catalog.pg_authid where
>> rolname = 'SomeUser';
>>
>> Should the MD5 be the same?
>
> I understood that is just a md5 hash of the password and the username with the
> string md5 pre-appended, so it should be the same.

On version 9 definitely, as documented:
http://www.postgresql.org/docs/9.3/static/catalog-pg-authid.html

"The MD5 hash will be of the user's password concatenated to their user name.
For example, if user joe has password xyzzy, PostgreSQL will store the md5
hash of xyzzyjoe."


Although I'm surprised it's not seeded, or even using a strong hash, but
that's a different subject.

--
http://yves.zioup.com
gpg: 4096R/32B0F416