How to find out if the password entered in the form matches the password for the PostgreSQL DBMS user using Qt 4? Suppose the user has the password 12345.

select md5('12345')

and

 QString(QCryptographicHash::hash(("12345"),QCryptographicHash::Md5).toHex())

give the result "827ccb0eea8a706c4c34a16891f84e7b". The table for the same password is stored "md5b5ab06cb9f5f50555a65efe870fbf406"

How, knowing the password entered into the form and the value of the passwd field from the pg_shadow table, compare them?

  • Without knowing the hashing method (salt, multiple hashing, etc.), no way. Sources need to watch. - Yura Ivanov
  • one
    b5ab06cb9f5f50555a65efe870fbf406 - 12345jjj, so that the hashing is clearly MD5, which is what the prefix hints at. But where do these jjjjs come from - it's not clear ... - Vladimir Martyanov
  • @ Vladimir Martiyanov jjjj it turns out the username) found in tyrnet just such a thing: select * from pg_shadow where ('md5' || md5('12345'||pg_shadow.usename)) = pg_shadow.passwd . Those. at the end, the login is still attributed. That is, it turns out that you need to compare the value that is obtained from the table with QString("md5" + QCryptographicHash::hash(("12345" +"jjjj"),QCryptographicHash::Md5).toHex()) , if login is jjjj :) Right? - Emm
  • Check out :-) I already have a noggin on my head - Vladimir Martyanov

1 answer 1

Experimentally and according to the comments of the TCA, it was found that md5b5ab06cb9f5f50555a65efe870fbf406 contains the prefix md5 , and the rest - MD5 hash of the string 12345jjj , in which 12345 is the password, I jjj is the login.