arvind.rawat
arvind.rawat

Reputation: 21

How to connect to PostgreSQL server using encrypted password

In usual scenarios, the connection string contains the password in plain text, but this can be captured by Wireshark, so I want to use the encrypted password in a connection string. I found the below excerpt from the Postgres documentation:

Encrypting Passwords Across A Network The MD5 authentication method double-encrypts the password on the client before sending it to the server. It first MD5-encrypts it based on the user name, and then encrypts it based on a random salt sent by the server when the database connection was made. It is this double-encrypted value that is sent over the network to the server. Double-encryption not only prevents the password from being discovered, but it also prevents another connection from using the same encrypted password to connect to the database server at a later time.

If I understood it correctly, to get the salt, I need to connect to the database, but doean't that mean that the password can be spoofed?

I tried to google around but did not found a satisfying solution. I want to understand how can I get the random salt from PostgreSQL server using java and then encrypt the plain password with it and use an encrypted password to establish a connection.

Upvotes: 2

Views: 7881

Answers (1)

Laurenz Albe
Laurenz Albe

Reputation: 247950

If you, user arvind, set the password to secret, the actual password is set to

'md5' || md5('secret' || 'arvind')

that is md50624d6c2e831004efb7f4173699a1775. That's what you'll find in the pg_authid system catalog.

Now the establishment of a connection works like this:

client to server: I want to connect to database mydb as user arvind.

server to client: Ok, I want MD5 authentication. Your salt is g73j.

The client has been given secret as password.

First, it uses the formula above to get the real password (first hashing).

Then, the client hashes the password a second time using

'md5' || md5('0624d6c2e831004efb7f4173699a1775' || 'g73j')

client to server: the hashed password is md573ae1f550fb4bcd28411cefb24b800bc.

The server calculates the same hash and compares the result to what it got from the client.

If that is the same, the server knows that the client must have the real password, otherwise it couldn't have calculated the correct hash.

The password itself is not transferred, so it cannot be stolen by an eavesdropper.

server to client: Ok, you're in.

The actual messages look different of course, but that's all in the documentation.

Upvotes: 5

Related Questions