MySQL :: Re: validate_password

Contact MySQL |
Login | Register

The world's most popular open source database

Documentation Downloads MySQL.com

Developer Zone

Section Menu:

New Topic

Re: validate_password_strength

Posted by: Georgi Kodinov
Date: July 11, 2016 02:53AM

Christian,

The password in your example is not encrypted, it's hashed. And the difference is that hashing is irreversible, i.e. you can't know the original password knowing the hash only (without employing special computationally extensive techniques).

So the answer to your question whether you can evaluate existing passwords by hash only is: not in the general case.

One way to fix that is to force a password rotation for the existing users, i.e. mark their passwords as expired. Then you still won't know their passwords, by they'd be able to login and change them so that they comply with the newly enforced password strength policy.

See http://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html for more details on password expiration.

Navigate: Previous Message• Next Message

Options: Reply• Quote

Subject

Views

Written By

Posted

validate_password_strength

1677

Christian Molecki

June 07, 2016 01:27AM

Re: validate_password_strength

845

Georgi Kodinov

July 11, 2016 02:53AM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.