Authentication::Native41:

The server name is mysql_native_password
The client name is *mysql_native_password"
Client side requires an 20-byte random challenge from server
Client side sends a 20-byte response packet based on the algorithm described later.

This method fixes a 2 short-comings of the Old Password Authentication

using a tested, crypto-graphic hashing function (SHA1)
knowning the content of the hash in the mysql.user table isn't enough to authenticate against the MySQL Server.

The network packet content for the password is calculated by:

SHA1( password ) XOR SHA1( "20-bytes random data from server" <concat> SHA1( SHA1( password ) ) )

The following is stored into mysql.user.authentication_string

SHA1( SHA1( password ) )

See also: native_password_authenticate, native_password_auth_client, native_password_client_plugin, native_password_handler, check_scramble_sha1, compute_two_stage_sha1_hash, make_password_from_salt