MySQL Internals Manual

14.3.3 Secure Password Authentication

Authentication::Native41:
  • client-side expects a 20-byte random challenge

  • client-side returns a 20-byte response based on the algorithm described later

Name: mysql_native_password

Requires: CLIENT_SECURE_CONNECTION

This method fixes two shortcomings of the Old Password Authentication:

  • using a tested, cryptographic hashing function which isn't broken

  • knowing the content of the hash in the mysql.user table isn't enough to authenticate against the MySQL Server.

The 20-byte response sent in place of the password is calculated by:

SHA1( password ) XOR SHA1( "20-bytes random data from server" <concat> SHA1( SHA1( password ) ) )
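
The formula above, worked through in Python as an added example (not code from the MySQL source). It goes one step beyond the page by also showing how a server can check the response using only the 20-byte challenge and the stored SHA1( SHA1( password ) ) value; the function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stored_hash(password: str) -> bytes:
    """Double hash kept on the server side: SHA1(SHA1(password))."""
    return sha1(sha1(password.encode()))


def client_response(password: str, challenge: bytes) -> bytes:
    """SHA1(password) XOR SHA1(challenge <concat> SHA1(SHA1(password)))."""
    if len(challenge) != 20:
        raise ValueError("challenge must be 20 bytes")
    stage1 = sha1(password.encode())
    return xor(stage1, sha1(challenge + sha1(stage1)))


def server_verify(response: bytes, challenge: bytes, stored: bytes) -> bool:
    """Check a response with only the challenge and the stored double hash."""
    if len(response) != 20:
        return False
    # Undo the XOR to recover the candidate SHA1(password) ...
    candidate_stage1 = xor(response, sha1(challenge + stored))
    # ... then hash it once more; it must equal the stored value.
    # compare_digest keeps the comparison constant-time.
    return hmac.compare_digest(sha1(candidate_stage1), stored)


if __name__ == "__main__":
    challenge = os.urandom(20)        # constructed sample challenge
    stored = stored_hash("s3cret")    # constructed sample password
    print(server_verify(client_response("s3cret", challenge), challenge, stored))
    print(server_verify(client_response("wrong", challenge), challenge, stored))
```

The server never needs the cleartext password or SHA1( password ) at rest: the single hash is recovered from the response only for the duration of the check, and a response is bound to the challenge it was computed for.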
