MySQL Forums
Forum List  »  Security

Re: MySQL 8.0.35 and mysql_native_password
Posted by: Mike Frank
Date: February 20, 2024 03:15PM

The hash used for mysql_native_password is SHA1 based. Its usage is deprecated. SHA-1 has been compromised for over 7 years (2017) and is not longer recommended.

For mysql user/passwords the newer caching_sha2 replaces mysql_native_password. So FYI your above statement is in reverse.

You should set
[mysqld]
default_authentication_plugin=caching_sha2_password

https://dev.mysql.com/doc/refman/8.0/en/alter-user.html
To migrate a user to caching_sha2 - simply alter the user and reset the password.

See
https://dev.mysql.com/blog-archive/a-tale-of-two-password-authentication-plugins/

Note: we also support other external authentication methods (LDAP, AD, Kerberos, ...) as well as multi-factor authentication.

Options: ReplyQuote


Subject
Views
Written By
Posted
Re: MySQL 8.0.35 and mysql_native_password
377
February 20, 2024 03:15PM


Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.