Reputation: 2646
I'm writing my own code similar to phpMyAdmin. But I'll need the user to be able to sign on using their username and password from the MySQL database. I need to know what kind of hash the MySQL database uses to store each user's password. I checked dev.mysql.com for answers but couldn't find anything, other than that it's the newer 41-byte hash beginning with an *.
Upvotes: 4
Views: 13458
Reputation: 2756
MySQL 4.1+ uses a double SHA-1 hash (with the inner hash outputting raw data, not hex); the older versions seem to use a non-standard hash.
(There are PHP implementations of both in the answers to this question)
Unless you have a good reason to use them (compatibility with MySQL passwords / legacy code seems to be the only good reasons), you should be using bcrypt / PBKDF2 / scrypt for hashing passwords.
Upvotes: 3
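The 4.1+ scheme described in the answer above, written out as an added example that is not part of the original thread or of MySQL's own code: it computes and verifies the 41-byte hash, and sets it beside a salted PBKDF2 hash of the kind the answer recommends for passwords an application stores itself. The function names, the PBKDF2 storage format and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Shape of a 4.1+ hash: '*' followed by 40 hex digits (41 bytes in total).
_NATIVE_RE = re.compile(r"\*[0-9A-F]{40}")


def mysql41_hash(password: str) -> str:
    """'*' + HEX(SHA1(SHA1(password))), with the inner digest passed on as raw bytes."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()  # 20 raw bytes, not hex
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def verify_mysql41(password: str, stored: str) -> bool:
    """Check a candidate password against a stored 41-byte hash."""
    stored = stored.upper()
    if not _NATIVE_RE.fullmatch(stored):
        return False  # e.g. a pre-4.1 16-character hash, or another format entirely
    return hmac.compare_digest(mysql41_hash(password), stored)


def pbkdf2_hash(password: str, salt=None, iterations: int = 600_000) -> str:
    """Salted, iterated hash for application-side storage (format is an assumption)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    _, iterations, salt_hex, _ = stored.split("$")
    candidate = pbkdf2_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # The double SHA-1 is unsalted: the same password always yields the same hash.
    print(mysql41_hash("password"))
    print(mysql41_hash("password") == mysql41_hash("password"))
    # PBKDF2 with a random salt yields a different string on every call.
    print(pbkdf2_hash("password") == pbkdf2_hash("password"))
```
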
Reputation:
I don't think you will be able to decrypt the password stored in the MySQL table, and it's of no use using the password which is stored in the mysql.user table.
You should be using the password that is set when the user is created in your application. If you have lost the password of users then you can reset it using mysqladmin:
SET PASSWORD FOR 'user-name-here'@'hostname-name-here' = PASSWORD('new-password-here');
Upvotes: 2
Reputation: 16304
Not sure what exactly your question is aiming at, but if you want to know how MySQL encrypts passwords stored in the user table, read here in the manual:
MySQL encrypts passwords stored in the user table using its own algorithm. This encryption is the same as that implemented by the PASSWORD() SQL function but differs from that used during the Unix login process. Unix password encryption is the same as that implemented by the ENCRYPT() SQL function. See the descriptions of the PASSWORD() and ENCRYPT() functions in Section 12.13, “Encryption and Compression Functions”.
From version 4.1 on, MySQL employs a stronger authentication method that has better password protection during the connection process than in earlier versions. It is secure even if TCP/IP packets are sniffed or the mysql database is captured. (In earlier versions, even though passwords are stored in encrypted form in the user table, knowledge of the encrypted password value could be used to connect to the MySQL server.) Section 6.1.2.4, “Password Hashing in MySQL”, discusses password encryption further.
Upvotes: 4