MySQL :: MySQL 3.23, 4.0, 4.1 Reference Manual :: 5.4.2.5 Password Hashing in MySQL 4.1.0

MySQL 3.23, 4.0, 4.1 Reference Manual :: 5 MySQL Server Administration :: 5.4 General Security Issues :: 5.4.2 Password Security in MySQL :: 5.4.2.5 Password Hashing in MySQL 4.1.0

« 5.4.2.4 Implications of Password Hashing Changes in MySQL 4.1 for Application Programs

5.4.3 Making MySQL Secure Against Attackers »

Section Navigation [Toggle]

5.4.2 Password Security in MySQL
5.4.2.1 Administrator Guidelines for Password Security
5.4.2.2 End-User Guidelines for Password Security
5.4.2.3 Password Hashing in MySQL
5.4.2.4 Implications of Password Hashing Changes in MySQL 4.1 for Application Programs
5.4.2.5 Password Hashing in MySQL 4.1.0

5.4.2.5. Password Hashing in MySQL 4.1.0

Password hashing in MySQL 4.1.0 differs from hashing in 4.1.1 and up. The 4.1.0 differences are:

Password hashes are 45 bytes long rather than 41 bytes.
The PASSWORD() function is nonrepeatable. That is, with a given argument X, successive calls to PASSWORD(X) generate different results.

These differences make authentication in 4.1.0 incompatible with that of releases that follow it. If you have upgraded to MySQL 4.1.0, it is recommended that you upgrade to a newer version as soon as possible. After you do, reassign any long passwords in the user table so that they are compatible with the 41-byte format.

Previous / Next / Up / Table of Contents

User Comments

Add your own comment.

Top / Previous / Next / Up / Table of Contents