Stephen Frost wrote: > The md5 hash which is generated for and stored in pg_shadow does not > use a random salt but instead uses the username which can generally be > determined ahead of time (especially for the 'postgres' superuser > account). I noted that this was a problem back in August, 2002: http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php Then, as now, the developers weren't very concerned. Regards, David.