How MySQL password verification works

How MySQL implements password verification this article helps you understand how MySQL performs password verification. First, we know that the user password is saved in the password column of the mysql. user table and encrypted and saved as hash values. The verification process of www.2cto.com is as follows: when the client requests a connection, 1. the server generates a random string and sends it to the client. 2. after receiving the random string, the client performs hash encryption. Step 1: hash the password to obtain the hash value hash_stage1; eg. hash_stage1 = sha1 ("password"); Step 2, rehash, and obtain hash_stage2; eg. hash_stage2 = sha1 (hash_stage1); Step 3: hash the value obtained by the second hash of the password with the random string to obtain hash_stage3; eg. hash_stage3 = sha1 ("random string", hash_stage2); Step 4: Send the exception or processing to the server to obtain reply = xor (hash_stage1, hash_stage3). Finally, send the reply value to the service. Device. Www.2cto.com 3. after receiving reply, the server performs the hash operation step 1. hash the saved hash password hashpassword and random string to get server_hash_stage1 = sha1 ("random string ", "hashpassword"); Step 2: perform an exclusive or operation on the reply sent by the client and the hash value just obtained to obtain xor_value; eg. xor_value = xor (reply, server_hash_stage1); Step 3, hash the obtained variance or value to obtain server_hash_stage2; eg. server_hash_stage2 = sha1 (server_hash_stage1); Step 4: Verify and compare the obtained hash value server_hash_stage2 with the Saved Password hashpassword. Eg. server_hash_stage2 = hashpassword. If they are equal, the verification passes. Author sissiyinxi