14.3.2 Old Password Authentication

  • auth_method_name is mysql_old_password

  • client-side requires "8-byte random challenge" from server

  • client-side sends an 8-byte response based on the algorithm described later


If the server announces Secure Password Authentication in the Initial Handshake Packet, the client may use the first 8 bytes of its 20-byte auth_plugin_data as input.


The hashing algorithm used for this auth method is broken as shown at and CVE-2000-0981
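
A client-side audit for this method, as an added example that is not part of the original documentation: it parses an Initial Handshake Packet payload, reports whether the server would have the client answer with the old 8-byte scheme, and shows which bytes of auth_plugin_data serve as the challenge. The function names are hypothetical, the protocol version 10 field layout is assumed from the general protocol description rather than this section, and the sample packet is constructed.

```python
import struct

CLIENT_SECURE_CONNECTION = 0x00008000  # server announces Secure Password Authentication
CLIENT_PLUGIN_AUTH = 0x00080000        # handshake carries an auth plugin name
OLD_AUTH = "mysql_old_password"

def parse_handshake_v10(payload: bytes) -> dict:
    """Parse an Initial Handshake Packet payload (4-byte packet header already stripped)."""
    if not payload or payload[0] != 10:
        raise ValueError("not a protocol version 10 handshake")
    end = payload.index(b"\x00", 1)                 # server version is NUL-terminated
    pos = end + 1 + 4                               # skip connection id
    data = payload[pos:pos + 8]                     # auth_plugin_data part 1
    pos += 8 + 1                                    # part 1 + filler byte
    (caps,) = struct.unpack_from("<H", payload, pos)
    pos += 2
    plugin = ""
    if pos < len(payload):
        _charset, _status, cap_high, data_len = struct.unpack_from("<BHHB", payload, pos)
        caps |= cap_high << 16
        pos += 6 + 10                               # fixed fields + 10 reserved bytes
        if caps & CLIENT_SECURE_CONNECTION:
            n = max(13, data_len - 8)
            data += payload[pos:pos + n - 1]        # part 2 without its trailing NUL
            pos += n
        if caps & CLIENT_PLUGIN_AUTH:
            plugin = payload[pos:].split(b"\x00", 1)[0].decode("ascii")
    return {"version": payload[1:end].decode("ascii"), "caps": caps,
            "auth_plugin_data": data, "plugin": plugin}

def audit_handshake(payload: bytes) -> dict:
    """Flag servers that would make the client answer with the old 8-byte scheme."""
    hs = parse_handshake_v10(payload)
    # Assumption: a server without the secure-connection flag only supports the old method.
    old = hs["plugin"] == OLD_AUTH or not hs["caps"] & CLIENT_SECURE_CONNECTION
    return {"plugin": hs["plugin"], "old_auth": old,
            "challenge": hs["auth_plugin_data"][:8] if old else hs["auth_plugin_data"]}

def sample_handshake(plugin: str) -> bytes:
    """Constructed test packet: made-up version string and 20-byte challenge."""
    caps = CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH
    scramble = bytes(range(0x41, 0x41 + 20))
    return (b"\x0a" + b"5.5.0-example\x00" + struct.pack("<I", 1) + scramble[:8] + b"\x00"
            + struct.pack("<HBHHB", caps & 0xFFFF, 33, 2, caps >> 16, 21) + bytes(10)
            + scramble[8:] + b"\x00" + plugin.encode("ascii") + b"\x00")

if __name__ == "__main__":
    for name in (OLD_AUTH, "mysql_native_password"):
        print(audit_handshake(sample_handshake(name)))
```

A connector or proxy can treat old_auth being true as a reason to refuse the connection or raise an alert, since the response is computed with the broken hash.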