client-side expects a 20-byte random challenge
client-side returns a 20-byte response based on the algorithm described later
This method fixes a 2 short-comings of the
using a tested, crypto-graphic hashing function which isn't broken
knowning the content of the hash in the
mysql.usertable isn't enough to authenticate against the MySQL Server.
The password is calculated by:
SHA1( password ) XOR SHA1( "20-bytes random data from server" <concat> SHA1( SHA1( password ) ) )