Does anyone know what encryption algorithm/method/mode/length etc. was used in the generation of the 16-character passwords in MySQL prior to version 4.1? These sometimes would be referred to as generated by the OLD_PASSWORD() function in later releases.

I had previously thought it was using MD5 but in my ignorance had not noticed the difference in character length, MD5 being 128-bit requires 32 characters when represented in hexadecimal.

Note: Don't panic, I'm not using these 16-character passwords or MD5's, just seeking to improve my knowledge as part of professional development. Thank you.

richhallstoke

  • This implementation might be helpful: https://www.laszlo.nu/2010/01/08/old-password.html but you can always grab an old version of the source code to verify (assuming you can find one - Oracle haven't made it easy to find!) – Matthew Jan 03 '17 at 10:50
  • This really isn't a security question but a MySQL internals question. Also, it appears to be answered here: http://security.stackexchange.com/questions/3133/mysql-old-password-cryptanalysis – schroeder Jan 03 '17 at 11:03
  • @schroeder I'd seen that post and it seemed to address how to reverse the hash but doesn't directly answer my questions regarding what the name of the algorithm/method is and what ciphers are used etc. - I'm not able to figure this out from the source code posted on that answer. – richhallstoke Jan 03 '17 at 14:52
  • @Matthew That blog article shows me it's obviously a bespoke algorithm rather than based on any standard method or cipher, and that source code is simple enough to see what's going on. I would have accepted that comment as an answer. Thank you. – richhallstoke Jan 03 '17 at 14:54
  • @richhallstoke the link in the question explains the hash method – schroeder Jan 03 '17 at 15:51
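
The bespoke algorithm discussed in the comments, as an added example (not part of the original thread and not MySQL's own source): a Python re-implementation of the pre-4.1 hash, plus a check that flags accounts still storing the 16-character format. The sample rows and the helper names `classify_hash` and `find_legacy_accounts` are constructed for illustration.

```python
import re

MASK32 = 0xFFFFFFFF  # emulate 32-bit unsigned arithmetic


def old_password(password: str) -> str:
    """Return the 16-hex-character pre-4.1 MySQL hash of `password`."""
    nr, nr2, add = 1345345333, 0x12345671, 7
    for byte in password.encode("utf-8"):  # assumption: hash the raw bytes
        if byte in (0x20, 0x09):           # spaces and tabs are skipped entirely
            continue
        nr ^= ((((nr & 63) + add) * byte) + (nr << 8)) & MASK32
        nr2 = (nr2 + (((nr2 << 8) & MASK32) ^ nr)) & MASK32
        add = (add + byte) & MASK32
    # The top bit of each half is cleared, so the output carries 2 x 31 = 62
    # bits. There is no salt and no standard cipher or digest involved.
    return "%08x%08x" % (nr & 0x7FFFFFFF, nr2 & 0x7FFFFFFF)


def classify_hash(stored: str) -> str:
    """Tell the stored password formats apart by shape."""
    if re.fullmatch(r"[0-9a-fA-F]{16}", stored):
        return "pre-4.1"   # 16 hex characters: the format asked about above
    if re.fullmatch(r"\*[0-9a-fA-F]{40}", stored):
        return "4.1+"      # '*' followed by 40 hex characters
    return "unknown"


def find_legacy_accounts(rows):
    """Return the user names whose stored hash is still in the pre-4.1 format."""
    return [user for user, stored in rows if classify_hash(stored) == "pre-4.1"]


# Constructed sample rows in (user, stored hash) form; not real account data.
SAMPLE_ROWS = [
    ("legacy_app", old_password("a")),
    ("webapp", "*" + "0" * 40),   # placeholder in the 4.1+ shape
    ("nopass", ""),
]

if __name__ == "__main__":
    print(old_password("a"))
    print(find_legacy_accounts(SAMPLE_ROWS))
```

Because whitespace is dropped and nothing is salted, `old_password("a b")` and `old_password("ab")` produce the same value, and identical passwords always store identical hashes.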
