MySQL Forums

Creating Password hash for the new 'caching_sha2_password'
Posted by: Nils Hoyer
Date: September 18, 2018 11:53PM

Hello, my first post in this forum - I hope I do everything fine...

I have my own MySQL client developed in Delphi to connect to the MySQL server. I like my own client, since I want to offer a one file .exe program to my users for portable working.

Until now, everything worked fine - but now I have to generate the new password encoding. As far as I understood I have to do this with SHA 256 - and Delphi offers inside the unit Hash the THashSHA2 record to do this.

But there are some things I don't understand: How do I handle the RSA Public Key received from the MySQL server inside the hash function? And how do I handle the auth-plugin-data received from the MySQL server?

With the "old" password encoding I had this code:
sha1_reset(sha1_context);
//* stage 1: hash Password */
sha1_input(sha1_context, Password, AnsiStrings.StrLen(Password));
sha1_result(sha1_context, @hash_stage1[0]);
//* stage 2: hash stage 1; note that hash_stage2 is stored in the database */
sha1_reset(sha1_context);
sha1_input(sha1_context, @hash_stage1[0], SCRAMBLE_LENGTH);
sha1_result(sha1_context, @hash_stage2[0]);
//* create crypt AnsiString as sha1(message, hash_stage2) */;
sha1_reset(sha1_context);
sha1_input(sha1_context, PAnsiChar(Salt), SCRAMBLE_LENGTH);
sha1_input(sha1_context, @hash_stage2[0], SCRAMBLE_LENGTH);
//* xor allows 'from' and 'to' overlap: lets take advantage of it */
sha1_result(sha1_context, @scramled);

for I := 0 to SCRAMBLE_LENGTH - 1 do
  Scramled[I] := AnsiChar(Byte(Scramled[I]) xor Byte(hash_stage1[I]));

Now I have to write my new code for the new password encoding. Can somebody assist me?
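
Added example, not part of the original post: the fast-authentication scramble that caching_sha2_password expects, XOR(SHA256(password), SHA256(SHA256(SHA256(password)) || nonce)), written with Delphi's THashSHA2, where the nonce is the 20-byte auth-plugin-data from the handshake. The function name and the sample password and nonce are assumptions made for illustration; the RSA public key is not an input to this hash and is used only in the full-authentication exchange over unencrypted connections.

```delphi
program CachingSha2ScrambleDemo;

{$APPTYPE CONSOLE}

uses
  System.SysUtils, System.Hash;

// Hypothetical helper: one SHA-256 pass over A followed by B (B may be nil).
function Sha256Of(const A, B: TBytes): TBytes;
var
  H: THashSHA2;
begin
  H := THashSHA2.Create(THashSHA2.TSHA2Version.SHA256);
  H.Update(A);
  if Length(B) > 0 then
    H.Update(B);
  Result := H.HashAsBytes;
end;

// Hypothetical name. Password: raw password bytes without a trailing NUL.
// Nonce: the 20 bytes of auth-plugin-data, without its trailing NUL.
function CachingSha2Scramble(const Password, Nonce: TBytes): TBytes;
var
  Stage1, Stage2, Stage3: TBytes;
  I: Integer;
begin
  if Length(Password) = 0 then
    Exit(nil);                          // empty password: empty auth response
  Stage1 := Sha256Of(Password, nil);    // SHA256(password)
  Stage2 := Sha256Of(Stage1, nil);      // SHA256(SHA256(password))
  Stage3 := Sha256Of(Stage2, Nonce);    // SHA256(stage2 || nonce)
  SetLength(Result, Length(Stage1));    // 32 bytes, not SCRAMBLE_LENGTH (20)
  for I := 0 to High(Result) do
    Result[I] := Stage1[I] xor Stage3[I];
end;

var
  Nonce, Scramble: TBytes;
  I: Integer;
begin
  // Constructed sample input: a fixed 20-byte nonce and the password 'secret'.
  SetLength(Nonce, 20);
  for I := 0 to High(Nonce) do
    Nonce[I] := Byte(I + 1);
  Scramble := CachingSha2Scramble(TEncoding.UTF8.GetBytes('secret'), Nonce);
  for I := 0 to High(Scramble) do
    Write(IntToHex(Scramble[I], 2));
  Writeln;
end.
```

The 32-byte result goes into the auth-response field of the handshake response, in place of the 20-byte SHA-1 scramble produced by the older code above.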
