docs/lib/passlib.hash.postgres_md5.rst


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

.. index:: postgres; md5 hash

==================================================================
:class:`passlib.hash.postgres_md5` - PostgreSQL MD5 password hash
==================================================================

.. warning::

    This hash is not secure, and should not be used for any purposes
    besides manipulating existing PostgreSQL password hashes.

.. currentmodule:: passlib.hash

This class implements the md5-based hash algorithm used by PostgreSQL to store
it's user account passwords. This scheme was introduced in PostgreSQL 7.2;
prior to this PostgreSQL stored it's password in plain text.
Users will most likely find the frontend provided by :mod:`passlib.apps`
to be more useful than accessing this class directly.
That aside, this class can be used directly as follows::

    >>> from passlib.hash import postgres_md5

    >>> # encrypt password using specified username
    >>> hash = postgres_md5.encrypt("password", user="username")
    >>> hash
    'md55a231fcdb710d73268c4f44283487ba2'

    >>> # verify correct password
    >>> postgres_md5.verify("password", hash, user="username")
    True
    >>> # verify correct password w/ wrong username
    >>> postgres_md5.verify("password", hash, user="somebody")
    False
    >>> # verify incorrect password
    >>> postgres_md5.verify("password", hash, user="username")
    False

.. seealso:: the generic :ref:`PasswordHash usage examples <password-hash-examples>`

Interface
=========
.. autoclass:: postgres_md5()

Format & Algorithm
==================
Postgres-MD5 hashes all have the format :samp:`md5{checksum}`,
where :samp:`{checksum}` is 32 hexidecimal digits, encoding a 128-bit checksum.
This checksum is the MD5 message digest of the password concatenated with the username.

Security Issues
===============
This algorithm it not suitable for *any* use besides manipulating existing
PostgreSQL account passwords, due to the following flaws:

* It's use of the username as a salt value means that common usernames
  (eg ``admin``, ``root``, ``postgres``) will occur more frequently as salts,
  weakening the effectiveness of the salt in foiling pre-computed tables.

* Since the keyspace of ``user+password`` is still a subset of ascii characters,
  existing MD5 lookup tables have an increased chance of being able to reverse common hashes.

* It's simplicity makes high-speed brute force attacks much more feasible [#brute]_ .

.. rubric:: Footnotes

.. [#] Discussion leading up to design of algorithm -
       `<http://archives.postgresql.org/pgsql-hackers/2001-06/msg00952.php>`_

.. [#] Message explaining postgres md5 hash algorithm -
       `<http://archives.postgresql.org/pgsql-php/2003-01/msg00021.php>`_

.. [#brute] Blog post demonstrating brute-force attack `<http://pentestmonkey.net/blog/cracking-postgres-hashes/>`_.