On 1/22/20 10:20 AM, Matthias Apitz wrote:
>
> Hello,
>
> If I look into the database I see:
>
> sisis71=# select rolname, rolpassword from pg_authid where rolname = 'sisis';
> rolname | rolpassword
> ---------+-------------------------------------
> sisis | md52f128a1fbbecc4b16462e8fc8dda5cd5
>
> I know the clear text password of the role, it is simple 'sisis123', how
> could I calculate the above MD5 hash from the clear text password, for
> example in C? Which salt is used for the crypt(3) function?
https://www.postgresql.org/docs/12/runtime-config-connection.html
"Because md5 uses the user name as salt on both the client and server,
md5 cannot be used with db_user_namespace."
~/src/common/md5.c
/*
* Place salt at the end because it may be known by users
trying to crack
* the MD5 output.
*/
So:
select md5('sisis123sisis');
md5
----------------------------------
2f128a1fbbecc4b16462e8fc8dda5cd5
>
> Thanks
>
> matthias
>
--
Adrian Klaver
adrian.klaver@aklaver.com