MySQL Forums
Forum List  »  Security

Re: SHA1 handshake pass
Posted by: John Schellingerhout
Date: September 21, 2017 05:15AM

Hi thanks a lot, it helps me out a lot.
The reason is we're talking from PLC's, which doesn't have ability (nor enough space either) to implement or use connectors.
From your information, I see I misses data after database name, so that information I think was from MySQL <5.5. Maybe that's the reason for acces denied.

Can you verify this should work:

pass1 = SHA1(pass) //20byte
pass2 = SHA(pass1) //20byte
pass3 = SHA1((serversalt[8byte]+serversalt[other 12 bytes]) + pass2); //40byte

for (i=0; i<20; i++)
{
pass_2bsent = pass1 XOR pass3
}

Is this a correct implementation of passwordhasing?

I did a wiresharklog while connecting MySQL Workbench and except the part after database (and of course password itself) the packet was the same as the one from PLC.

Best regards,

Options: ReplyQuote


Subject
Views
Written By
Posted
1125
September 18, 2017 02:58AM
552
September 19, 2017 03:08AM
Re: SHA1 handshake pass
517
September 21, 2017 05:15AM
504
September 25, 2017 02:16AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.