Reputation: 113
How to hash passwords in mysql for spring security compatibility
I'm loading a lot of user profiles at once. I generate the SQL script for the mysql database using the password() function.
But this dosen't make it. The password generated is not the same one generated in spring boot application form.
This is for MySQL server 5.7.26 running on linux 4.15.0-54 and java 8
for example for the password string 'test0000', the spring security generated password is :
5f7433f76544679849ec917c3baa70e0852b3d025fb52ecb7839c6fe911f75c49b3b2315aa3589c
but with the password('test0000') function in mysql it gives :
*FED47FB319BAC61E726825628D8A5D22979E9F1C
So how to generate the springboot like password on mysql or in the commandline in linux?
Upvotes: 0
Views: 601
Answers (1)
Reputation: 551
MySQL's password() function uses SHA1(SHA1(password)) to calculate hash.
The Spring Security uses PasswordEncoder interface to encode and match and has different implementations available to handle BCrypt, MD5, SHA256, etc.
So, for the passwords to be compatible on both ends, you need to use the same algorithm.
Since the hashing algorithms are slow, it is not advised to use these in the SQL.
Upvotes: 1
Related Questions
- How to store hashed password in database?
- Hashing and Salting Passwords with Spring Security 3
- Spring Security - password hashing
- How do I store a salt in mysql database for secure password encryption?
- Spring Security and H2: How to hash passwords
- Spring security_Password Encryption
- Implementing hash and salt in Spring 3 security
- MySQL PASSWORD() function and SpringSecurity ShaPasswordEncoder
- Salting a password with spring 3 security
- Spring security password hash + salt