Documentation Home
MySQL Internals Manual

MySQL Internals Manual  /  ...  /  Old Password Authentication

14.3.2 Old Password Authentication

  • auth_method_name is mysql_old_password

  • client-side requires "8-byte random challenge" from server

  • client-side sends a 8-byte response based on the algorithm described later


If the server announces Secure Password Authentication in the Initial Handshake Packet the client may use the first 8 byte of its 20-byte auth_plugin_data as input.


The hashing algorithm used for this auth method is broken as shown at and CVE-2000-0981

User Comments
User comments in this section are, as the name implies, provided by MySQL users. The MySQL documentation team is not responsible for, nor do they endorse, any of the information provided here.
Sign Up Login You must be logged in to post a comment.