Reputation: 728
MySQL PASSWORD() function and SpringSecurity ShaPasswordEncoder
I've got a mysql database that stores passwords using MySQL's PASSWORD() function. From what I can gather from this URL (and verifying it myself to make sure it applies to my version of MySQL)
http://www.palominodb.com/blog/2011/12/04/hashing-algorithm-mysql-password
The hashing function for mysql is a double SHA1 hash with the first result converted from binary to hex before hashing it again.
SELECT PASSWORD("this_is_a_random_string") as 'pass';
pass: *12E76A751EFA43A177049262A2EE36DA327D8E50
SELECT concat('*', UPPER(SHA1(UNHEX(SHA1("this_is_a_random_string"))))) as 'pass';
pass: *12E76A751EFA43A177049262A2EE36DA327D8E50
So what I'd like to do is use SpringSecurity's ShaPasswordEncoder to allow Spring to work with these hashes.
Other than subclassing my own PasswordEncoder and using ShaPasswordEncoder to build up the processing steps shown in the SQL above, does ShaPasswordEncoder itself have a standard way of setting itself up to work with MySQL's PASSWORD function?
Upvotes: 3
Views: 460
Answers (1)
Reputation: 562881
http://dev.mysql.com/doc/refman/5.6/en/encryption-functions.html#function_password
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications.
Upvotes: 2
Related Questions
- How to hash passwords in mysql for spring security compatibility
- MySQL password contains '=' having wrong password issue in spring boot
- Spring Security - password hashing
- Spring Security and H2: How to hash passwords
- Spring security_Password Encryption
- How to correctly encode password using ShaPasswordEncoder?
- Salting a password with spring 3 security
- Spring Security: use hashed password stored in database as salt of password encoder
- Hash (with Spring) and salt: is this safe?
- Spring Security 3 Hash Password Encoders