CheckPassword SERVER: salt = create_random_salt() send(salt) CLIENT: recv(salt) md5_stage1 = md5Sum(password + user) md5_stage2 = md5Sum(md5_stage1 + salt) reply = "md5" + md5_stage2 SERVER: recv(reply) server_md5_stage1 = md5Sum(password + user) server_md5_stage2 = md5Sum(server_md5_stage1 + salt) check(reply == "md5" + server_md5_stage2)) The password saved by the server is "md5" + server_md5_stage1, so you can get server_md5_stage1 directly.

CheckScrambledPassword check scrambled password received from client.

DecodePassword converts hex string password without prefix '*' to byte array.

DecodePasswordByMD5 remove prefix "md5".

EncodePassword converts plaintext password to hashed hex string.

EncodePasswordByMD5 PostgreSQL encode password by md5.

Sha1Hash is an util function to calculate sha1 hash.

UserIdentity represents username and hostname.