MySQL Forums
Forum List  »  Security

Native authentication - response challenge 32 bytes
Posted by: Andrew Gee
Date: March 10, 2021 09:35AM

According to https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase_authentication_methods_native_password_authentication.html the response challenge should be 20 bytes long.

However when I observe the packet Workbench, sends, it appears to be 32 bytes long.

Similar to this:

32,68,173,13,231,191,161,153,30,41,21,250,249,153,135,133,13,173,255,39,196,221,237,165,245,13,184,232,15,239,171,236,230

Other clients, such as Navicat appear to send 20 bytes (which is what I'd expect). Similar to this:

20,35,28,96,65,93,1,49,22,163,0,167,200,192,101,93,181,151,68,156,125

Why does this discrepancy exist? Is it something to do with the Hex() function that this document mentions:

https://dev.mysql.com/doc/internals/en/x-protocol-authentication-authentication.html

How would you convert from the 20 byte format to the 32 byte format?

Options: ReplyQuote


Subject
Views
Written By
Posted
Native authentication - response challenge 32 bytes
321
March 10, 2021 09:35AM


Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.