MySQL Forums
Forum List  »  Security

Re: Password security
Posted by: matthew crowley
Date: December 13, 2004 10:46AM

from some old mysql documentation:
Calculates a password string from the plaintext password str. This is the function that is used for encrypting MySQL passwords for storage in the Password column of the user grant table:
mysql> select PASSWORD('badpwd');
-> '7f84554057dd964b'

PASSWORD() encryption is non-reversible. PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. You should not assume that if your Unix password and your MySQL password are the same, PASSWORD() will result in the same encrypted value as is stored in the Unix password file. See ENCRYPT().
Encrypt str using the Unix crypt() system call. The salt argument should be a string with two characters. (As of MySQL Version 3.22.16, salt may be longer than two characters.):
mysql> select ENCRYPT("hello");

If crypt() is not available on your system, ENCRYPT() always returns NULL. ENCRYPT() ignores all but the first 8 characters of str, at least on some systems. This will be determined by the behavior of the underlying crypt() system call.
Encrypt str using pass_str as the password. To decrypt the result, use DECODE(). The results is a binary string of the same length as string. If you want to save it in a column, use a BLOB column type.
Descrypts the encrypted string crypt_str using pass_str as the password. crypt_str should be a string returned from ENCODE().
Calculates a MD5 checksum for the string. Value is returned as a 32 long hex number that may, for example, be used as a hash key:
mysql> select MD5("testing");
-> 'ae2b1fca515949e5d54fb22b8ed95575'

This is an "RSA Data Security, Inc. MD5 Message-Digest Algorithm".

Options: ReplyQuote

Written By
November 30, 2004 03:21PM
December 02, 2004 02:30PM
December 02, 2004 04:13PM
December 03, 2004 06:08AM
Re: Password security
December 13, 2004 10:46AM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.