Re: MD5 password storage - should be the same everywhere?
| От | Adrian Klaver |
|---|---|
| Тема | Re: MD5 password storage - should be the same everywhere? |
| Дата | |
| Msg-id | 5563EF23.70206@aklaver.com обсуждение исходный текст |
| Ответ на | Re: MD5 password storage - should be the same everywhere? (Yves Dorfsman <yves@zioup.com>) |
| Список | pgsql-general |
On 05/25/2015 08:41 PM, Yves Dorfsman wrote: > On 2015-05-25 17:58, Adrian Klaver wrote: >> On 05/25/2015 01:41 PM, Francisco Reyes wrote: >>> On multiple machines, should the MD5 be the same? >>> using >>> select rolname, rolpassword,rolcanlogin from pg_catalog.pg_authid where >>> rolname = 'SomeUser'; >>> >>> Should the MD5 be the same? >> >> I understood that is just a md5 hash of the password and the username with the >> string md5 pre-appended, so it should be the same. > > On version 9 definitely, as documented: > http://www.postgresql.org/docs/9.3/static/catalog-pg-authid.html > > "The MD5 hash will be of the user's password concatenated to their user name. > For example, if user joe has password xyzzy, PostgreSQL will store the md5 > hash of xyzzyjoe." > > > Although I'm surprised it's not seeded, or even using a strong hash, but > that's a different subject. See here for more detail: http://www.postgresql.org/docs/9.4/static/protocol-flow.html AuthenticationMD5Password > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: