How to interpret the salt sent in the AuthenticationMD5Password message from the server.


How to interpret the salt sent in the AuthenticationMD5Password message from the server.

PG Doc comments form
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/12/protocol-message-types.html
Description:

I'm creating a postgresql client in gdscript (you can answer my question
even if you don't know how to code in gdscript).

To do this I use the postgresql protocol specification
(https://www.postgresql.org/docs/current/protocol-flow.html)

I managed to contact the server and it asks me for
"AuthenticationMD5Password", but I cannot identify myself. I followed the
procedure to generate the password described on the page but I get a server
error.

With this SQL formula that I adapted in gdscript:

concat('md5', md5(concat(md5(concat(password, username)), random-salt)))
With "password" the value "test", "username" the value "test" and
"random-salt" the value "98dec364".

We obtain: md5936597c6b72ab2681ca01dca38b17da0

I get the following error: Message: password authentication failed for user
"test" SQLSTATE code: 28P01

It seems to come from the salt. Is the format really an ASCII string or a
hexadecimal string? I tried translating it to ASCII and I get unprintable
characters and the server still gives me the same error.

In short, what is the format of the salt sent to the server?

In the documentation it seems that the bytes are ASCII characters but that
doesn't work. Thank you in advance...

Re: How to interpret the salt sent in the AuthenticationMD5Password message from the server.

Tom Lane-2
PG Doc comments form <[hidden email]> writes:
> In short, what is the format of the salt sent to the server?

I think you might have a conceptual error here.  The salt is sent
from the server to you, not the other way around.  It's just four
random bytes in the AuthenticationMD5Password message, which I'm
pretty sure you should incorporate verbatim in your MD5 input.

The bytes are just binary data, they're not ASCII or encoded
in some way.

                        regards, tom lane
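
The point of the reply above, as an added example that is not part of the original thread: the salt is read from the message as four raw bytes and appended unchanged to the MD5 input. The sketch assumes the "98dec364" in the question was a hex dump of those four bytes; the message bytes are constructed, and `server_accepts` is a hypothetical stand-in for the server-side comparison.

```python
import hashlib
import struct

def parse_auth_md5(msg: bytes) -> bytes:
    """Return the salt from AuthenticationMD5Password: 'R', Int32(12), Int32(5), Byte4."""
    if len(msg) != 13:
        raise ValueError("AuthenticationMD5Password is exactly 13 bytes")
    mtype, length, code = struct.unpack("!cII", msg[:9])
    if mtype != b"R" or length != 12 or code != 5:
        raise ValueError("not an AuthenticationMD5Password message")
    return msg[9:]  # four raw bytes, used verbatim

def stored_hash(user: str, password: str) -> str:
    """'md5' + md5(password || username): what the server keeps for an MD5 password."""
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def md5_response(user: str, password: str, salt: bytes) -> str:
    """concat('md5', md5(concat(md5(concat(password, username)), salt)))"""
    inner = stored_hash(user, password)[3:].encode("ascii")  # 32 hex characters
    return "md5" + hashlib.md5(inner + salt).hexdigest()

def password_message(response: str) -> bytes:
    """Frame the response as PasswordMessage: 'p', Int32 length, NUL-terminated string."""
    body = response.encode("ascii") + b"\x00"
    return b"p" + struct.pack("!I", 4 + len(body)) + body

def server_accepts(stored: str, salt: bytes, response: str) -> bool:
    """Simulated server check: redo the outer hash from the stored hash and the salt."""
    expected = "md5" + hashlib.md5(stored[3:].encode("ascii") + salt).hexdigest()
    return response == expected

# Constructed message; the salt bytes assume "98dec364" was a hex dump of the salt.
SAMPLE_MSG = b"R" + struct.pack("!II", 12, 5) + bytes.fromhex("98dec364")
SALT = parse_auth_md5(SAMPLE_MSG)
STORED = stored_hash("test", "test")
GOOD = md5_response("test", "test", SALT)        # salt as four raw bytes
BAD = md5_response("test", "test", b"98dec364")  # salt as eight ASCII characters

if __name__ == "__main__":
    print("salt bytes      :", SALT)
    print("raw-byte salt   :", GOOD, server_accepts(STORED, SALT, GOOD))
    print("ASCII-text salt :", BAD, server_accepts(STORED, SALT, BAD))
    print("PasswordMessage :", password_message(GOOD))
```

Feeding the hex text of the salt into the hash instead of the bytes it represents produces a different digest, which the server rejects with SQLSTATE 28P01.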