Documentation Home
MySQL Internals Manual
Download this Manual
EPUB - 1.2Mb


MySQL Internals Manual  /  ...  /  Old Password Authentication

14.3.2 Old Password Authentication

Authentication::Old:
  • auth_method_name is mysql_old_password

  • client-side requires "8-byte random challenge" from server

  • client-side sends a 8-byte response based on the algorithm described later

Note

If the server announces Secure Password Authentication in the Initial Handshake Packet the client may use the first 8 byte of its 20-byte auth_plugin_data as input.

Warning

The hashing algorithm used for this auth method is broken as shown at http://sqlhack.com/ and CVE-2000-0981


User Comments
Sign Up Login You must be logged in to post a comment.