/*****************************************************************************
  The main idea is that no password is sent between client & server on
  connection and that no password is saved in MySQL in a decodable form.

  On connection a random string is generated and sent to the client.
  The client generates a new string with a random generator inited with
  the hash values from the password and the sent string.
  This 'check' string is sent to the server, where it is compared with
  a string generated from the stored hash_value of the password and the
  random string.

  The password is saved (in user.password) by using the PASSWORD() function in
  MySQL.

  This is a .c file because it's used in libmysqlclient, which is entirely in C
  (we need it to be portable to a variety of systems).

  Example:
    update user set password=PASSWORD("hello") where user="test"
  This saves a hashed number as a string in the password field.

  The new authentication is performed in the following manner:

  SERVER:  public_seed=create_random_string()
           send(public_seed)

  CLIENT:  recv(public_seed)
           hash_stage1=sha1("password")
           hash_stage2=sha1(hash_stage1)
           reply=xor(hash_stage1, sha1(public_seed,hash_stage2))

           // these three steps are done in scramble()

           send(reply)

  SERVER:  recv(reply)
           hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
           candidate_hash2=sha1(hash_stage1)
           check(candidate_hash2==hash_stage2)

           // these three steps are done in check_scramble()
*****************************************************************************/
PASSWORD MySQL 5.6.21-1ubuntu14.04_amd64