Re: Unix passwd file and mysql authentication table

Fri, 27 Jul 2001 20:11:10 -0700 


On 27-Jul-2001 Joshua J. Kugler wrote:
> Is this an undocumented feature that I missed?  You just have to specify the
> as TYPE_passwd and it will automatically encrypt using that algorithm?  I 
> don't see anything in the documentation for ENCRYPT about this.  Or am I 
> really missing something?
> 

Well, no; Perhaps my example(s) on FreeBSD are misleading.

Under BSD (+ some SysV boxes i've worked with) you can have multiple
encryption methods depending on installed libs; the salt determines the
library to use.

A salt of '$1$' gives you MD5, '$2$' is BlowFish, ... any other valid DES
characters goes DES. 
No salt at all is implementation defined.

My point was the MySQL PASSWORD (a hex-representantion of a BIGINT hash -- 
& an extremely good hash, BTW) thats used for authenticating clients has
nothing to do with the crypt(3) libraries you may have installed.

PASSWORD()        -> private to MYSQL
ENCRYPT/ENCODE()  -> your system libs (Note my BlowFish crypt below)

> 
>> mysql> select encrypt('mypass','Az') as DES_passwd;
>> +---------------+
>> | DES_passwd    |
>> +---------------+
>> | Az7.WJ.dhG.ds |
>> +---------------+
>> 1 row in set (0.00 sec)
>>
>> mysql> select encrypt('mypass','$1$') as MD5_passwd;
>> +----------------------------+
>> | MD5_passwd                 |
>> +----------------------------+
>> | $1$$y6yg42JZIjxLYEdRp0CD70 |
>> +----------------------------+
>> 1 row in set (0.00 sec)
>>
>> mysql> # dont have blowfish libs
>> mysql> select encrypt('mypass','$2$') as Blowfish;
>> +----------+
>> | Blowfish |
>> +----------+
>> | : _ _ _ _|
>> +----------+
>> 1 row in set (0.00 sec)
> 

Regards,
-- 
Don Read                                       [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to 
   steal the neighbor's newspaper, that's the time to do it.
                            (53kr33t w0rdz: sql table query)

---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to