← All tools
// Security

PostgreSQL Password Generator online

Generate PostgreSQL MD5 password hashes (md5 + hash of password + username) — runs in your browser

Chunky Munster mascot
by
CHUNKY
MUNSTER
// PostgreSQL Password Hash
Output will appear here...
// Security note: All hashing runs locally in your browser. No passwords are transmitted. MD5 authentication is deprecated in PostgreSQL 15+. Use SCRAM-SHA-256 for new installations.

PostgreSQL stores user passwords in the pg_authid system catalog using a method-specific hash. The traditional MD5 method computes MD5(password + username) and prepends the literal string "md5" to produce a 35-character string. This is the format expected when manually updating a user's password hash in the database.

PostgreSQL MD5 Password Format

The stored password is: "md5" + MD5(password + username). For example, if the username is "alice" and the password is "secret", the hash is: "md5" + MD5("secretalice"). The username is concatenated directly (no separator) and acts as a static salt.

SQL Usage

ALTER USER alice PASSWORD 'md5abc123...';

Or to use a plain password and let PostgreSQL hash it: ALTER USER alice PASSWORD 'mypassword';

MD5 vs SCRAM-SHA-256

Frequently Asked Questions

Why does the username matter in the hash?

The username acts as a static salt in PostgreSQL's MD5 scheme. Two users with the same password will have different hashes because their usernames differ. However, static salts are weaker than the random salts used by bcrypt or SCRAM.

How do I enable SCRAM-SHA-256 in PostgreSQL?

Set password_encryption = scram-sha-256 in postgresql.conf, then have each user reset their password. The hash will be re-generated using SCRAM automatically.