Is there any interest in fixing our documentation that says encrypted when it means hashed? Should I pursue this?
--------------------------------------------------------------------------- On Fri, Mar 10, 2017 at 11:16:02AM +0900, Michael Paquier wrote: > Hi all, > > As discussed here: > https://www.postgresql.org/message-id/98cafcd0-5557-0bdf-4837-0f2b7782d...@joeconway.com > We are using in documentation and code comments "encryption" to define > what actually is hashing, which is confusing. > > Attached is a patch for HEAD to change the documentation to match hashing. > > There are a couple of things I noticed on the way: > 1) There is the user-visible PQencryptPassword in libpq, which > actually hashes the password, and not encrypts it :) > 2) There is as well pg_md5_encrypt() in the code, as well as there is > pg_md5_hash(). Those may be better if renamed, at least I would think > that pg_md5_encrypt should be pg_md5_password_hash, because a salt is > used as well, and the routine is dedicated to work on passwords. > Thoughts? > 3) createuser also has --encrypt and --unencrypted, perhaps those > should be renamed? Honestly I don't really think that this is worth a > breakage and the option names match with the SQL commands. > > I did not bother about those things in the attached, which works only > documentation and comment changes. > > An open item has been added on the wiki. > > Thanks, > -- > Michael > diff --git a/contrib/pgcrypto/crypt-des.c b/contrib/pgcrypto/crypt-des.c > index a4aa4966bf..1f65f286ea 100644 > --- a/contrib/pgcrypto/crypt-des.c > +++ b/contrib/pgcrypto/crypt-des.c > @@ -753,7 +753,7 @@ px_crypt_des(const char *key, const char *setting) > output[0] = setting[0]; > > /* > - * If the encrypted password that the salt was extracted from > is only > + * If the hashed password that the salt was extracted from is > only > * 1 character long, the salt will be corrupted. We need to > ensure > * that the output string doesn't have an extra NUL in it! > */ > diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml > index 28cdabe6fe..abbd5dd19e 100644 > --- a/doc/src/sgml/catalogs.sgml > +++ b/doc/src/sgml/catalogs.sgml > @@ -1334,8 +1334,8 @@ > <entry><structfield>rolpassword</structfield></entry> > <entry><type>text</type></entry> > <entry> > - Password (possibly encrypted); null if none. The format depends > - on the form of encryption used. > + Password (possibly hashed); null if none. The format depends > + on the form of hashing used. > </entry> > </row> > > @@ -1350,19 +1350,20 @@ > </table> > > <para> > - For an MD5 encrypted password, <structfield>rolpassword</structfield> > + For an MD5-hashed password, <structfield>rolpassword</structfield> > column will begin with the string <literal>md5</> followed by a > 32-character hexadecimal MD5 hash. The MD5 hash will be of the user's > password concatenated to their user name. For example, if user > <literal>joe</> has password <literal>xyzzy</>, <productname>PostgreSQL</> > will store the md5 hash of <literal>xyzzyjoe</>. If the password is > - encrypted with SCRAM-SHA-256, it consists of 5 fields separated by colons. > + hashed with SCRAM-SHA-256, it consists of 5 fields separated by colons. > The first field is the constant <literal>scram-sha-256</literal>, to > identify the password as a SCRAM-SHA-256 verifier. The second field is a > salt, Base64-encoded, and the third field is the number of iterations used > to generate the password. The fourth field and fifth field are the stored > key and server key, respectively, in hexadecimal format. A password that > - does not follow either of those formats is assumed to be unencrypted. > + does not follow either of those formats is assumed to be in plain format, > + non-hashed. > </para> > </sect1> > > @@ -10269,9 +10270,9 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts > ppx > <entry><structfield>passwd</structfield></entry> > <entry><type>text</type></entry> > <entry></entry> > - <entry>Password (possibly encrypted); null if none. See > + <entry>Password (possibly hashed); null if none. See > <link > linkend="catalog-pg-authid"><structname>pg_authid</structname></link> > - for details of how encrypted passwords are stored.</entry> > + for details of how hashed passwords are stored.</entry> > </row> > > <row> > diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml > index 69844e5b29..994ed6c1bd 100644 > --- a/doc/src/sgml/config.sgml > +++ b/doc/src/sgml/config.sgml > @@ -1190,11 +1190,11 @@ include_dir 'conf.d' > When a password is specified in <xref linkend="sql-createuser"> or > <xref linkend="sql-alterrole"> without writing either > <literal>ENCRYPTED</> > or <literal>UNENCRYPTED</>, this parameter determines whether the > - password is to be encrypted. The default value is <literal>md5</>, > which > + password is to be hashed. The default value is <literal>md5</>, which > stores the password as an MD5 hash. Setting this to > <literal>plain</> stores > it in plaintext. <literal>on</> and <literal>off</> are also > accepted, as > aliases for <literal>md5</> and <literal>plain</>, respectively. > Setting > - this parameter to <literal>scram</> will encrypt the password with > + this parameter to <literal>scram</> will hash the password with > SCRAM-SHA-256. > </para> > </listitem> > diff --git a/doc/src/sgml/passwordcheck.sgml b/doc/src/sgml/passwordcheck.sgml > index 6e6e4ef435..8cf59946eb 100644 > --- a/doc/src/sgml/passwordcheck.sgml > +++ b/doc/src/sgml/passwordcheck.sgml > @@ -37,11 +37,11 @@ > > <caution> > <para> > - To prevent unencrypted passwords from being sent across the network, > + To prevent non-hashed passwords from being sent across the network, > written to the server log or otherwise stolen by a database administrator, > <productname>PostgreSQL</productname> allows the user to supply > - pre-encrypted passwords. Many client programs make use of this > - functionality and encrypt the password before sending it to the server. > + pre-hashed passwords. Many client programs make use of this > + functionality and hash the password before sending it to the server. > </para> > <para> > This limits the usefulness of the <filename>passwordcheck</filename> > @@ -54,7 +54,7 @@ > </para> > <para> > Alternatively, you could modify <filename>passwordcheck</filename> > - to reject pre-encrypted passwords, but forcing users to set their > + to reject pre-hashed passwords, but forcing users to set their > passwords in clear text carries its own security risks. > </para> > </caution> > diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml > index bf514aacf3..c4ce02c9dd 100644 > --- a/doc/src/sgml/pgcrypto.sgml > +++ b/doc/src/sgml/pgcrypto.sgml > @@ -109,7 +109,7 @@ hmac(data bytea, key text, type text) returns bytea > <listitem> > <para> > They use a random value, called the <firstterm>salt</>, so that users > - having the same password will have different encrypted passwords. > + having the same password will have different hashed passwords. > This is also an additional defense against reversing the algorithm. > </para> > </listitem> > diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml > index 3d6e8eed43..52afe25090 100644 > --- a/doc/src/sgml/protocol.sgml > +++ b/doc/src/sgml/protocol.sgml > @@ -294,7 +294,7 @@ > <listitem> > <para> > The frontend must now send a PasswordMessage containing the > - password (with user name) encrypted via MD5, then encrypted > + password (with user name) hashed via MD5, then hashed > again using the 4-byte random salt specified in the > AuthenticationMD5Password message. If this is the correct > password, the server responds with an AuthenticationOk, > @@ -2603,7 +2603,7 @@ AuthenticationMD5Password (B) > </term> > <listitem> > <para> > - Specifies that an MD5-encrypted password is required. > + Specifies that an MD5-hashed password is required. > </para> > </listitem> > </varlistentry> > @@ -2613,7 +2613,7 @@ AuthenticationMD5Password (B) > </term> > <listitem> > <para> > - The salt to use when encrypting the password. > + The salt to use when hashing the password. > </para> > </listitem> > </varlistentry> > @@ -4704,7 +4704,7 @@ PasswordMessage (F) > </term> > <listitem> > <para> > - The password (encrypted, if requested). > + The password (hashed, if requested). > </para> > </listitem> > </varlistentry> > diff --git a/doc/src/sgml/ref/alter_role.sgml > b/doc/src/sgml/ref/alter_role.sgml > index da36ad9696..e242876967 100644 > --- a/doc/src/sgml/ref/alter_role.sgml > +++ b/doc/src/sgml/ref/alter_role.sgml > @@ -81,9 +81,9 @@ ALTER ROLE { <replaceable > class="PARAMETER">role_specification</replaceable> | A > roles. > The current session user cannot be renamed. > (Connect as a different user if you need to do that.) > - Because <literal>MD5</>-encrypted passwords use the role name as > + Because <literal>MD5</>-hashed passwords use the role name as > cryptographic salt, renaming a role clears its password if the > - password is <literal>MD5</>-encrypted. > + password is <literal>MD5</>-hashed. > </para> > > <para> > @@ -250,7 +250,7 @@ ALTER ROLE { <replaceable > class="PARAMETER">role_specification</replaceable> | A > </para> > > <para> > - Caution must be exercised when specifying an unencrypted password > + Caution must be exercised when specifying a non-hashed password > with this command. The password will be transmitted to the server > in cleartext, and it might also be logged in the client's command > history or the server log. <xref linkend="app-psql"> > diff --git a/doc/src/sgml/ref/create_role.sgml > b/doc/src/sgml/ref/create_role.sgml > index 99d1c8336c..083fde6722 100644 > --- a/doc/src/sgml/ref/create_role.sgml > +++ b/doc/src/sgml/ref/create_role.sgml > @@ -228,14 +228,14 @@ CREATE ROLE <replaceable > class="PARAMETER">name</replaceable> [ [ WITH ] <replac > <listitem> > <para> > These key words control whether the password is stored > - encrypted in the system catalogs. (If neither is specified, > + hashed in the system catalogs. (If neither is specified, > the default behavior is determined by the configuration > parameter <xref linkend="guc-password-encryption">.) If the > - presented password string is already in MD5-encrypted or > - SCRAM-encrypted format, then it is stored encrypted as-is, > + presented password string is already in MD5-hashed or > + SCRAM-hashed format, then it is stored hased as-is, > regardless of whether <literal>ENCRYPTED</> or > <literal>UNENCRYPTED</> > - is specified (since the system cannot decrypt the specified encrypted > - password string). This allows reloading of encrypted passwords > + is specified (since the system cannot understand the specified hashed > + password string). This allows reloading of hashed passwords > during dump/restore. > </para> > > @@ -396,12 +396,12 @@ CREATE ROLE <replaceable > class="PARAMETER">name</replaceable> [ [ WITH ] <replac > </para> > > <para> > - Caution must be exercised when specifying an unencrypted password > + Caution must be exercised when specifying a non-hashed password > with this command. The password will be transmitted to the server > in cleartext, and it might also be logged in the client's command > history or the server log. The command <xref > linkend="APP-CREATEUSER">, however, transmits > - the password encrypted. Also, <xref linkend="app-psql"> > + the password hash. Also, <xref linkend="app-psql"> > contains a command > <command>\password</command> that can be used to safely change the > password later. > diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml > index 2a9c412020..0860b483a7 100644 > --- a/doc/src/sgml/ref/psql-ref.sgml > +++ b/doc/src/sgml/ref/psql-ref.sgml > @@ -2207,7 +2207,7 @@ lo_import 152801 > <listitem> > <para> > Changes the password of the specified user (by default, the current > - user). This command prompts for the new password, encrypts it, and > + user). This command prompts for the new password, hashes it, and > sends it to the server as an <command>ALTER ROLE</> command. This > makes sure that the new password does not appear in cleartext in the > command history, the server log, or elsewhere. > diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml > index 5e3d783c6a..5f6b30f8df 100644 > --- a/doc/src/sgml/runtime.sgml > +++ b/doc/src/sgml/runtime.sgml > @@ -2024,15 +2024,15 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 > <variablelist> > > <varlistentry> > - <term>Password Storage Encryption</term> > + <term>Password Storage Hashing</term> > <listitem> > > <para> > By default, database user passwords are stored as MD5 hashes, so > the administrator cannot determine the actual password assigned > - to the user. If MD5 encryption is used for client authentication, > - the unencrypted password is never even temporarily present on the > - server because the client MD5-encrypts it before being sent > + to the user. If MD5 hashing is used for client authentication, > + the non-hashed password is never even temporarily present on the > + server because the client MD5-hashes it before being sent > across the network. > </para> > </listitem> > @@ -2088,18 +2088,18 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 > </varlistentry> > > <varlistentry> > - <term>Encrypting Passwords Across A Network</term> > + <term>Hashing Passwords Across A Network</term> > > <listitem> > <para> > - The <literal>MD5</> authentication method double-encrypts the > + The <literal>MD5</> authentication method double-hashes the > password on the client before sending it to the server. It first > - MD5-encrypts it based on the user name, and then encrypts it > + MD5-hashes it based on the user name, and then hashes it > based on a random salt sent by the server when the database > - connection was made. It is this double-encrypted value that is > - sent over the network to the server. Double-encryption not only > + connection was made. It is this double-hashed value that is > + sent over the network to the server. Double-hash not only > prevents the password from being discovered, it also prevents > - another connection from using the same encrypted password to > + another connection from using the same hashed password to > connect to the database server at a later time. > </para> > </listitem> > diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c > index 14b9779144..e4ad531fa6 100644 > --- a/src/backend/commands/user.c > +++ b/src/backend/commands/user.c > @@ -397,7 +397,7 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt) > > if (password) > { > - /* Encrypt the password to the requested format. */ > + /* Hash the password to the requested format. */ > char *shadow_pass; > > shadow_pass = encrypt_password(password_type, stmt->role, > password); > @@ -806,7 +806,7 @@ AlterRole(AlterRoleStmt *stmt) > /* password */ > if (password) > { > - /* Encrypt the password to the requested format. */ > + /* Hash the password to the requested format. */ > char *shadow_pass; > > shadow_pass = encrypt_password(password_type, rolename, > password); > diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c > index 9f78e57aae..8e7344d95a 100644 > --- a/src/backend/libpq/auth-scram.c > +++ b/src/backend/libpq/auth-scram.c > @@ -147,7 +147,7 @@ pg_be_scram_init(const char *username, const char > *shadow_pass, bool doomed) > /* > * Perform sanity checks on the provided password after catalog lookup. > * The authentication is bound to fail if the lookup itself failed or if > - * the password stored is MD5-encrypted. Authentication is possible for > + * the password stored is MD5-hashed. Authentication is possible for > * users with a valid plain password though. > */ > > diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c > index ebf10bbbae..61217f0fa4 100644 > --- a/src/backend/libpq/auth.c > +++ b/src/backend/libpq/auth.c > @@ -2723,7 +2723,7 @@ CheckRADIUSAuth(Port *port) > if (!pg_md5_binary(cryptvector, strlen(port->hba->radiussecret) > + RADIUS_VECTOR_LENGTH, encryptedpassword + i)) > { > ereport(LOG, > - (errmsg("could not perform MD5 > encryption of password"))); > + (errmsg("could not perform MD5 hash of > password"))); > pfree(cryptvector); > return STATUS_ERROR; > } > @@ -2924,7 +2924,7 @@ CheckRADIUSAuth(Port *port) > encryptedpassword)) > { > ereport(LOG, > - (errmsg("could not perform MD5 encryption of received > packet"))); > + (errmsg("could not perform MD5 hash of received > packet"))); > pfree(cryptvector); > continue; > } > diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c > index bd3e936d38..2cc3344f6e 100644 > --- a/src/backend/libpq/crypt.c > +++ b/src/backend/libpq/crypt.c > @@ -1,7 +1,7 @@ > /*------------------------------------------------------------------------- > * > * crypt.c > - * Functions for dealing with encrypted passwords stored in > + * Functions for dealing with hashed passwords stored in > * pg_authid.rolpassword. > * > * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group > @@ -150,7 +150,7 @@ encrypt_password(PasswordType target_type, const char > *role, > > if (!pg_md5_encrypt(password, role, > strlen(role), > > encrypted_password)) > - elog(ERROR, "password > encryption failed"); > + elog(ERROR, "password hashing > failed"); > return encrypted_password; > > case PASSWORD_TYPE_SCRAM: > @@ -184,7 +184,7 @@ encrypt_password(PasswordType target_type, const char > *role, > * This shouldn't happen, because the above switch statements should > * handle every combination of source and target password types. > */ > - elog(ERROR, "cannot encrypt password to requested type"); > + elog(ERROR, "cannot hash password to requested type"); > return NULL; /* keep compiler quiet */ > } > > @@ -221,7 +221,7 @@ md5_crypt_verify(const char *role, const char > *shadow_pass, > switch (get_password_type(shadow_pass)) > { > case PASSWORD_TYPE_MD5: > - /* stored password already encrypted, only do salt */ > + /* stored password already hashed, only do salt */ > if (!pg_md5_encrypt(shadow_pass + strlen("md5"), > md5_salt, > md5_salt_len, > crypt_pwd)) > @@ -231,7 +231,7 @@ md5_crypt_verify(const char *role, const char > *shadow_pass, > break; > > case PASSWORD_TYPE_PLAINTEXT: > - /* stored password is plain, double-encrypt */ > + /* stored password is plain, double-hash */ > if (!pg_md5_encrypt(shadow_pass, > role, > strlen(role), > diff --git a/src/backend/libpq/pg_hba.conf.sample > b/src/backend/libpq/pg_hba.conf.sample > index 6b1778a721..6b4ab71cb6 100644 > --- a/src/backend/libpq/pg_hba.conf.sample > +++ b/src/backend/libpq/pg_hba.conf.sample > @@ -45,7 +45,7 @@ > # METHOD can be "trust", "reject", "md5", "password", "scram", "gss", > # "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that > # "password" sends passwords in clear text; "md5" or "scram" are preferred > -# since they send encrypted passwords. > +# since they send hashed passwords. > # > # OPTIONS are a set of options for the authentication in the format > # NAME=VALUE. The available options depend on the different > diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c > index 07efc27a69..0dbe7017a8 100644 > --- a/src/bin/psql/command.c > +++ b/src/bin/psql/command.c > @@ -1138,7 +1138,7 @@ exec_command(const char *cmd, > > if (!encrypted_password) > { > - psql_error("Password encryption failed.\n"); > + psql_error("Password hashing failed.\n"); > success = false; > } > else > diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c > index 3d74797a8f..b398f6a1e1 100644 > --- a/src/bin/scripts/createuser.c > +++ b/src/bin/scripts/createuser.c > @@ -278,7 +278,7 @@ main(int argc, char *argv[]) > > newuser); > if (!encrypted_password) > { > - fprintf(stderr, _("Password encryption > failed.\n")); > + fprintf(stderr, _("Password hashing > failed.\n")); > exit(1); > } > appendStringLiteralConn(&sql, encrypted_password, conn); > @@ -358,14 +358,14 @@ help(const char *progname) > printf(_(" -d, --createdb role can create new > databases\n")); > printf(_(" -D, --no-createdb role cannot create databases > (default)\n")); > printf(_(" -e, --echo show the commands being sent to > the server\n")); > - printf(_(" -E, --encrypted encrypt stored password\n")); > + printf(_(" -E, --encrypted hash stored password\n")); > printf(_(" -g, --role=ROLE new role will be a member of this > role\n")); > printf(_(" -i, --inherit role inherits privileges of roles > it is a\n" > " member of (default)\n")); > printf(_(" -I, --no-inherit role does not inherit > privileges\n")); > printf(_(" -l, --login role can login (default)\n")); > printf(_(" -L, --no-login role cannot login\n")); > - printf(_(" -N, --unencrypted do not encrypt stored > password\n")); > + printf(_(" -N, --unencrypted do not hash stored password\n")); > printf(_(" -P, --pwprompt assign a password to new > role\n")); > printf(_(" -r, --createrole role can create new roles\n")); > printf(_(" -R, --no-createrole role cannot create roles > (default)\n")); > diff --git a/src/common/scram-common.c b/src/common/scram-common.c > index e44f38f652..712d51900d 100644 > --- a/src/common/scram-common.c > +++ b/src/common/scram-common.c > @@ -148,7 +148,7 @@ scram_H(const uint8 *input, int len, uint8 *result) > } > > /* > - * Encrypt password for SCRAM authentication. This basically applies the > + * Hash password for SCRAM authentication. This basically applies the > * normalization of the password and a hash calculation using the salt > * value given by caller. > */ > diff --git a/src/include/common/md5.h b/src/include/common/md5.h > index ccaaeddbf4..37e2432021 100644 > --- a/src/include/common/md5.h > +++ b/src/include/common/md5.h > @@ -4,7 +4,7 @@ > * Interface to libpq/md5.c > * > * These definitions are needed by both frontend and backend code to work > - * with MD5-encrypted passwords. > + * with MD5-hashed passwords. > * > * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group > * Portions Copyright (c) 1994, Regents of the University of California > diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c > index 5fe7e565a0..385c0472bf 100644 > --- a/src/interfaces/libpq/fe-auth.c > +++ b/src/interfaces/libpq/fe-auth.c > @@ -583,7 +583,7 @@ pg_password_sendauth(PGconn *conn, const char *password, > AuthRequest areq) > char *crypt_pwd = NULL; > const char *pwd_to_send; > > - /* Encrypt the password if needed. */ > + /* Hash the password if needed. */ > > switch (areq) > { > @@ -909,14 +909,14 @@ pg_fe_getauthname(PQExpBuffer errorMessage) > > > /* > - * PQencryptPassword -- exported routine to encrypt a password > + * PQencryptPassword -- exported routine to hash a password > * > * This is intended to be used by client applications that wish to send > * commands like ALTER USER joe PASSWORD 'pwd'. The password need not > - * be sent in cleartext if it is encrypted on the client side. This is > + * be sent in cleartext if it is hashed on the client side. This is > * good because it ensures the cleartext password won't end up in logs, > * pg_stat displays, etc. We export the function so that clients won't > - * be dependent on low-level details like whether the encryption is MD5 > + * be dependent on low-level details like whether the hashing is MD5 > * or something else. > * > * Arguments are the cleartext password, and the SQL name of the user it > diff --git a/src/test/regress/expected/password.out > b/src/test/regress/expected/password.out > index c503e43abe..7fe09e6f00 100644 > --- a/src/test/regress/expected/password.out > +++ b/src/test/regress/expected/password.out > @@ -55,14 +55,14 @@ SELECT rolname, rolpassword > > ALTER ROLE regress_passwd3_new RENAME TO regress_passwd3; > -- ENCRYPTED and UNENCRYPTED passwords > -ALTER ROLE regress_passwd1 UNENCRYPTED PASSWORD 'foo'; -- unencrypted > -ALTER ROLE regress_passwd2 UNENCRYPTED PASSWORD > 'md5dfa155cadd5f4ad57860162f3fab9cdb'; -- encrypted with MD5 > +ALTER ROLE regress_passwd1 UNENCRYPTED PASSWORD 'foo'; -- non-hashed > +ALTER ROLE regress_passwd2 UNENCRYPTED PASSWORD > 'md5dfa155cadd5f4ad57860162f3fab9cdb'; -- hashed with MD5 > SET password_encryption = 'md5'; > -ALTER ROLE regress_passwd3 ENCRYPTED PASSWORD 'foo'; -- encrypted with MD5 > +ALTER ROLE regress_passwd3 ENCRYPTED PASSWORD 'foo'; -- hashed with MD5 > ALTER ROLE regress_passwd4 ENCRYPTED PASSWORD > 'scram-sha-256:VLK4RMaQLCvNtQ==:4096:3ded2376f7aafa93b1bdbd71bcc18b7d6ee50ed018029cc583d152ef3fc7d430:a6dd36dfc94c181956a6ae95f05e01b1864f0a22a2657d1de4ba84d2a24dc438'; > -- client-supplied SCRAM verifier, use as it is > SET password_encryption = 'scram'; > ALTER ROLE regress_passwd5 ENCRYPTED PASSWORD 'foo'; -- create SCRAM > verifier > -CREATE ROLE regress_passwd6 ENCRYPTED PASSWORD > 'md53725413363ab045e20521bf36b8d8d7f'; -- encrypted with MD5, use as it is > +CREATE ROLE regress_passwd6 ENCRYPTED PASSWORD > 'md53725413363ab045e20521bf36b8d8d7f'; -- hashed with MD5, use as it is > SELECT rolname, regexp_replace(rolpassword, > '(scram-sha-256):([a-zA-Z0-9+/]+==):(\d+):(\w+):(\w+)', > '\1:<salt>:\3:<storedkey>:<serverkey>') as rolpassword_masked > FROM pg_authid > WHERE rolname LIKE 'regress_passwd%' > diff --git a/src/test/regress/sql/password.sql > b/src/test/regress/sql/password.sql > index f4b3a9ac3a..aa88d5ef82 100644 > --- a/src/test/regress/sql/password.sql > +++ b/src/test/regress/sql/password.sql > @@ -43,16 +43,16 @@ SELECT rolname, rolpassword > ALTER ROLE regress_passwd3_new RENAME TO regress_passwd3; > > -- ENCRYPTED and UNENCRYPTED passwords > -ALTER ROLE regress_passwd1 UNENCRYPTED PASSWORD 'foo'; -- unencrypted > -ALTER ROLE regress_passwd2 UNENCRYPTED PASSWORD > 'md5dfa155cadd5f4ad57860162f3fab9cdb'; -- encrypted with MD5 > +ALTER ROLE regress_passwd1 UNENCRYPTED PASSWORD 'foo'; -- non-hashed > +ALTER ROLE regress_passwd2 UNENCRYPTED PASSWORD > 'md5dfa155cadd5f4ad57860162f3fab9cdb'; -- hashed with MD5 > SET password_encryption = 'md5'; > -ALTER ROLE regress_passwd3 ENCRYPTED PASSWORD 'foo'; -- encrypted with MD5 > +ALTER ROLE regress_passwd3 ENCRYPTED PASSWORD 'foo'; -- hashed with MD5 > > ALTER ROLE regress_passwd4 ENCRYPTED PASSWORD > 'scram-sha-256:VLK4RMaQLCvNtQ==:4096:3ded2376f7aafa93b1bdbd71bcc18b7d6ee50ed018029cc583d152ef3fc7d430:a6dd36dfc94c181956a6ae95f05e01b1864f0a22a2657d1de4ba84d2a24dc438'; > -- client-supplied SCRAM verifier, use as it is > > SET password_encryption = 'scram'; > ALTER ROLE regress_passwd5 ENCRYPTED PASSWORD 'foo'; -- create SCRAM > verifier > -CREATE ROLE regress_passwd6 ENCRYPTED PASSWORD > 'md53725413363ab045e20521bf36b8d8d7f'; -- encrypted with MD5, use as it is > +CREATE ROLE regress_passwd6 ENCRYPTED PASSWORD > 'md53725413363ab045e20521bf36b8d8d7f'; -- hashed with MD5, use as it is > > SELECT rolname, regexp_replace(rolpassword, > '(scram-sha-256):([a-zA-Z0-9+/]+==):(\d+):(\w+):(\w+)', > '\1:<salt>:\3:<storedkey>:<serverkey>') as rolpassword_masked > FROM pg_authid > > -- > Sent via pgsql-hackers mailing list (pgsql-hack...@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.
