How PostgreSQL user passwords are encrypted and stored through md5, and whether salt is added. 04/25 Update SLTechnology News&Howtos

How PostgreSQL user passwords are encrypted and stored through md5, and whether salt is added.

2025-04-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >

Shulou(Shulou.com)06/01 Report--

1. How to encrypt the password of PG users through md5, and whether or not salt is added? This article will track and analyze from the point of view of source code.

When PG users encrypt via md5, they add salt, and this salt is the user name string.

Second, source code analysis

CreateRole: shadow_pass = encrypt_password (Password_encryption, stmt- > role,password);-- pg_md5_encrypt (password, role, strlen (role), encrypted_password); |-- memcpy (crypt_buf, passwd, passwd_len); | memcpy (crypt_buf + passwd_len, role, strlen (role)); | strcpy (buf, "md5") | |-|-pg_md5_hash (crypt_buf, passwd_len + salt_len, buf + 3); new_ record [Anum _ pg_authid_rolpassword-1] = CStringGetTextDatum (shadow_pass) |

3. Gdb tracking

1. Break the point on the function encrypt_password, and then the client executes: create user yzs with password '123456commands; create a user with a password to see if md5 is used by default.

Postgres=# create user yzs with password '123456'

2. Stack information

Breakpoint 1, encrypt_password (target_type=PASSWORD_TYPE_MD5, role=0x99c3b3c "yzs", password=0x99c3b4c "123456") at crypt.c:111111 PasswordType guessed_type = get_password_type (password); (gdb) bt#0 encrypt_password (target_type=PASSWORD_TYPE_MD5, role=0x99c3b3c "yzs", password=0x99c3b4c "123456") at crypt.c:111#1 0x0827b7a2 in CreateRole (pstate=0x9a0d804, stmt=0x99c3bbc) at user.c:412#2 0x0840fc18 in standard_ProcessUtility (pstmt=0x99c3c14, queryString=0x99c31dc "create user yzs with password '123456' ", context=PROCESS_UTILITY_TOPLEVEL, params=0x0, queryEnv=0x0, dest=0x99c3d74, completionTag=0xbf9119e6") at utility.c:722#3 0x0840f42a in ProcessUtility (pstmt=0x99c3c14, queryString=0x99c31dc "create user yzs with password '123456' ", context=PROCESS_UTILITY_TOPLEVEL, params=0x0, queryEnv=0x0, dest=0x99c3d74, completionTag=0xbf9119e6") at utility.c:357#4 0x0840e6ea in PortalRunUtility (portal=0x9a20634, pstmt=0x99c3c14, isTopLevel=1'\ 001, setHoldSnapshot=0'\ 000, dest=0x99c3d74, completionTag=0xbf9119e6 "") at pquery.c:1178#5 0x0840e8b7 in PortalRunMulti (portal=0x9a20634, isTopLevel=1'\ 001, setHoldSnapshot=0'\ 000, dest=0x99c3d74, altdest=0x99c3d74, completionTag=0xbf9119e6 "") at pquery.c:1324#6 0x0840ded2 in PortalRun (portal=0x9a20634, count=2147483647, isTopLevel=1'\ 001, run_once=1'\ 001, dest=0x99c3d74, altdest=0x99c3d74 CompletionTag=0xbf9119e6 "") at pquery.c:799#7 0x08408692 in exec_simple_query (query_string=0x99c31dc "create user yzs with password '123456' ") at postgres.c:1099#8 0x0840c5d4 in PostgresMain (argc=1, argv=0x997edc4, dbname=0x997ecf4" postgres ", username=0x99558cc" postgres ") at postgres.c:4088#9 0x083864e6 in BackendRun (port=0x9978038) at postmaster.c:4409#10 0x08385c5d in BackendStartup (port=0x9978038) at postmaster.c:4081#11 0x083822d9 in ServerLoop () at postmaster.c:1755#12 0x083819d6 in PostmasterMain (argc=3, argv=0x9953810) at postmaster.c:1363#13 0x082dfb60 in main (argc=3 Argv=0x9953810) at main.c:228 (gdb) n114 if (guessed_type! = PASSWORD_TYPE_PLAINTEXT) (gdb) 123 switch (target_type) (gdb) 126 encrypted_password = palloc (MD5_PASSWD_LEN + 1) (gdb) 128 if (! pg_md5_encrypt (password, role, strlen (role), (gdb) spg_md5_encrypt (passwd=0x99c3b4c "123456", salt=0x99c3b3c "yzs", salt_len=3, buf=0x9a0d984 "") at md5.c:326326 size_t passwd_len = strlen (passwd); (gdb) n329 char * crypt_buf = malloc (passwd_len + salt_len + 1) (gdb) 332 if (! crypt_buf) (gdb) 339 memcpy (crypt_buf, passwd, passwd_len); (gdb) 340 memcpy (crypt_buf + passwd_len, salt, salt_len); (gdb) p crypt_buf$1 = 0x9979e68 "123456A" (gdb) n342 strcpy (buf, "md5"); (gdb) p crypt_buf$2 = 0x9979e68 "123456yzs trees\ tQ" (gdb) n343 ret = pg_md5_hash (crypt_buf, passwd_len + salt_len, buf + 3) (gdb) p crypt_buf$3 = 0x9979e68 "123456yzs trees\ tQ" (gdb) n345 free (crypt_buf); (gdb) p crypt_buf$4 = 0x9979e68 "123456yzs stories\ tQ" (gdb) n347 return ret; (gdb) 348} (gdb) p ret$5 = 1'\ 001' (gdb) nencrypt_password (target_type=PASSWORD_TYPE_MD5, role=0x99c3b3c "yzs", password=0x99c3b4c "123456") at crypt.c:131131 return encrypted_password (gdb) 146} (gdb) CreateRole (pstate=0x9a0d804, stmt=0x99c3bbc) at user.c:415415 CStringGetTextDatum (shadow_pass); (gdb) p shadow_pass$6 = 0x9a0d984 "md5aed8080c314507e15542d5e9519723a8"

3. Observing the password value of the user encrypted by md5 from the pg_ authid table, you can see that it is the same as that seen in the stack information.

Postgres=# select * from pg_authid where rolname='yzs' Rolname | rolsuper | rolinherit | rolcreaterole | rolcreatedb | rolcanlogin | rolreplication | rolbypa***ls | rolconnlimit | rolpassword | rolvaliduntil-+-- -+-- yzs | f | t | f | f | | t | f | f |-1 | md5aed8080c314507e15542d5e9519723a8 | (1 row) |

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.