MySQL authentication (bitsCN.com)
MySQL's authentication protocol is a challenge-response (CHAP-style) protocol: the client proves that it knows the password without ever sending the password itself, and the server never needs to store the password in the clear.
S -> C: public_seed
C -> S: username, reply
S -> C: OK or error
For versions 4.1 and later, public_seed is a fresh random string of 20 printable ASCII characters that the server generates for every connection attempt (the pre-4.1 protocol used an 8-character seed and a much weaker hash).
The client then calculates reply as follows:
passphrase = sha1(password)
storedhash = sha1(passphrase)
reply = xor(passphrase, sha1(public_seed, storedhash))
Here sha1(a, b) means SHA-1 over the concatenation of a and b, and xor is applied byte by byte to the two 20-byte values.
storedhash is the hashed password kept in the database on the server; it is the only secret the server holds.
After receiving reply, the server checks it as follows:
First, it looks up storedhash in the database by username.
Then it recovers passphrase. This works because xor with the same value undoes itself: reply was produced by xoring passphrase with sha1(public_seed, storedhash), and the server can compute that same value from what it knows.
passphrase = xor(reply, sha1(public_seed, storedhash))
Then it hashes passphrase with SHA-1 and compares the result byte for byte with storedhash:
sha1(passphrase) = storedhash
Note what this design does and does not give. Every value in the exchange is a deterministic, unsalted function of the password and public_seed, so anyone who records public_seed and reply can test password guesses offline at the cost of a few SHA-1 calls each. Anyone who both knows storedhash (for example from a copy of mysql.user) and records one handshake can xor out passphrase, and passphrase alone is enough to answer every future challenge without knowing the password. The protocol also does nothing to authenticate the server. It keeps the password off the wire, but it does not replace TLS.
The user password is saved in the password column of the mysql.user table (authentication_string from MySQL 5.7 onwards), not in the clear but as the hash value described above, displayed as a '*' followed by 40 uppercase hex digits; this is the same value the PASSWORD() function returns. The hash is unsalted, so two accounts with the same password have the same stored value.
The verification process is as follows. When the client requests a connection:
1. The server generates a random string (the public_seed above) and sends it to the client.
2. After receiving the random string, the client computes the following hashes:
Step 1: hash the password to obtain hash_stage1, e.g. hash_stage1 = sha1(password);
Step 2: hash hash_stage1 again to obtain hash_stage2, e.g. hash_stage2 = sha1(hash_stage1), which is the value the server has stored;
Step 3: hash the random string together with hash_stage2 to obtain hash_stage3, e.g. hash_stage3 = sha1(random string, hash_stage2);
Step 4: xor hash_stage1 with hash_stage3 to obtain reply = xor(hash_stage1, hash_stage3).
Finally, the client sends reply to the server.
3. After receiving reply, the server performs the matching computation using the hash it has saved (hashpassword, which is the same value as hash_stage2).
Step 1: hash the random string together with the saved hashpassword to obtain server_hash_stage1 = sha1(random string, hashpassword); when the stored hash matches, this equals the client's hash_stage3;
Step 2: xor the reply sent by the client with that value to obtain xor_value = xor(reply, server_hash_stage1), which recovers the client's hash_stage1;
Step 3: hash the recovered value to obtain server_hash_stage2 = sha1(xor_value);
Step 4: compare the obtained server_hash_stage2 with the saved hashpassword: if server_hash_stage2 = hashpassword, the verification passes.
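The whole exchange, as an added example that is not part of the original article and not MySQL's own code: it implements both the formula description and the numbered steps above in pure Python (standard library only), with the client's reply, the server's check, and the two consequences of the unsalted design. The seed generator, the '*'-prefixed display form, the single-row "database" and the candidate word list are constructed here for illustration; the real server's seed generator differs in detail.

```python
"""Added example, not from the original article: the MySQL 4.1+ native
password handshake (client side and server side) in pure Python."""
import hashlib
import hmac
import os
from typing import Iterable, Optional

SCRAMBLE_LEN = 20  # public_seed and SHA-1 lengths since MySQL 4.1


def sha1(*parts: bytes) -> bytes:
    """SHA-1 over the concatenation of parts, so sha1(seed, storedhash) reads as in the text."""
    h = hashlib.sha1()
    for part in parts:
        h.update(part)
    return h.digest()


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise xor of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def make_scramble() -> bytes:
    """Server side: a fresh public_seed of 20 printable ASCII bytes (never NUL,
    because the wire format NUL-terminates it). Constructed for this example."""
    return bytes(33 + b % 94 for b in os.urandom(SCRAMBLE_LEN))


def stored_hash(password: str) -> bytes:
    """hash_stage2 = sha1(sha1(password)): the unsalted value mysql.user keeps."""
    return sha1(sha1(password.encode("utf-8")))


def stored_hash_display(password: str) -> str:
    """How the stored value is shown in mysql.user: '*' plus 40 uppercase hex digits."""
    return "*" + stored_hash(password).hex().upper()


def client_reply(password: str, seed: bytes) -> bytes:
    """Client side: steps 1 to 4 of the text."""
    hash_stage1 = sha1(password.encode("utf-8"))
    hash_stage2 = sha1(hash_stage1)
    hash_stage3 = sha1(seed, hash_stage2)
    return xor(hash_stage1, hash_stage3)


def server_verify(reply: bytes, seed: bytes, storedhash: bytes) -> bool:
    """Server side: undo the xor, hash again, compare with the stored hash."""
    if len(reply) != SCRAMBLE_LEN or len(storedhash) != SCRAMBLE_LEN:
        return False  # malformed reply: reject instead of xoring a short buffer
    recovered_stage1 = xor(reply, sha1(seed, storedhash))
    return hmac.compare_digest(sha1(recovered_stage1), storedhash)


def crack_captured_reply(seed: bytes, reply: bytes,
                         candidates: Iterable[str]) -> Optional[str]:
    """Passive attacker who sniffed one handshake: no salt, so each guess costs
    three SHA-1 calls and all the work is done offline."""
    for guess in candidates:
        if client_reply(guess, seed) == reply:
            return guess
    return None


def stage1_from_capture(seed: bytes, reply: bytes, storedhash: bytes) -> bytes:
    """Attacker holding the stored hash (e.g. a mysql.user dump) plus one captured
    handshake: xor out sha1(password), exactly as the server does."""
    return xor(reply, sha1(seed, storedhash))


def reply_from_stage1(hash_stage1: bytes, seed: bytes) -> bytes:
    """sha1(password) alone answers any future challenge; the password itself
    is never needed again."""
    return xor(hash_stage1, sha1(seed, sha1(hash_stage1)))


if __name__ == "__main__":
    seed = make_scramble()
    db = {"app": stored_hash("password")}  # constructed mysql.user row
    reply = client_reply("password", seed)
    print("login ok:", server_verify(reply, seed, db["app"]))
    print("stored as:", stored_hash_display("password"))
    print("cracked:", crack_captured_reply(seed, reply, ["123456", "letmein", "password"]))
    stage1 = stage1_from_capture(seed, reply, db["app"])
    seed2 = make_scramble()
    print("reuse with stolen hash:", server_verify(reply_from_stage1(stage1, seed2), seed2, db["app"]))
```

The last two functions are the reason a leaked mysql.user dump is worse than it looks: with the stored hash and a single recorded login, the attacker obtains sha1(password), which is a permanent credential for that account even though the password itself was never recovered.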