Login to PostgreSQL using md5 encrypted password and not plaintext password

The authentication method md5 does not directly govern the encryption of passwords in the system catalog (the keyword ENCRYPTED in CREATE ROLE):

Postgres 10 or later

Note this update in Postgres 10

• Add SCRAM-SHA-256 support for password negotiation and storage (Michael Paquier, Heikki Linnakangas)

  This provides better security than the existing md5 negotiation and storage method.

The manual:

To ease transition from the md5 method to the newer SCRAM method, if md5 is specified as a method in pg_hba.conf but the user's password on the server is encrypted for SCRAM (see below), then SCRAM-based authentication will automatically be chosen instead.

Postgres 9.6 or older

Per documentation on the authentication method:

The password-based authentication methods are md5 and password. These methods operate similarly except for the way that the password is sent across the connection, namely MD5-hashed and clear-text respectively.

Per documentation on the ENCRYPTED keyword in CREATE ROLE:

ENCRYPTED
UNENCRYPTED

These key words control whether the password is stored encrypted in the system catalogs. (If neither is specified, the default behavior is determined by the configuration parameter password_encryption.) If the presented password string is already in MD5-encrypted format, then it is stored encrypted as-is, regardless of whether ENCRYPTED or UNENCRYPTED is specified (since the system cannot decrypt the specified encrypted password string). This allows reloading of encrypted passwords during dump/restore.

Both use md5 encryption, but the first is concerned with transport and the second with storage. You are still expected to provide the unencrypted password for your login, even when using the authentication method md5 (setting in pg_hba.conf). The user name is used as salt for md5 encryption on client and server.

First matching entry in pg_hba.conf

About your remark:

Added entry for testuser in pg_hba.conf file with md5 method.

Don't just "add" an entry. The first matching line in pg_hba.conf is applied!

The manual on pg_hba.conf:

The first record with a matching connection type, client address, requested database, and user name is used to perform authentication.

Bold emphasis mine in all quotes.

Related videos on Youtube

12 : 10

Password authentication in postgresql

E-MultiSkills Database Tutorials

500

30 : 08

How to Encrypt and Decrypt Password in php Using md5() Login System || Password Encryption in PHP

Tech IN Sourav

164

13 : 14

PHP & MySQL Md5 Encryption

Learn More

70

22 : 24

PHP Login Registration Form with md5() Password Encryption

Webslesson

56

04 : 30

Fix PostgreSQL Fatal Password Error

Tech Tok

31

08 : 46

Logging into PostgreSQL without password

PostgresCourse.com

21

01 : 34

Configure MD5 Encrypted Password for Users on Cisco IOS

TechwithGuru

10

06 : 41

Password Encrypt and Decrypt Operation | Signup and Login | ASP.NET Core Web API

Thumb IKR - Programming Examples

9

20 : 14

Login and security PostgreSQL

Steve Conger

7

08 : 54

Bcrypt Password Encryption with Spring Boot

Programming with Basar

7

20 : 56

login/register form using md5() password encryption

AI Web Tutorial

2

Author by

user3610957

Updated on June 04, 2022