Sergei Golubchik wrote 2011-05-27 11:24:
> Just curious, why do you guys want new authentication plugin
> that uses sha256 and salt?
It is important to realize that this code is just a prototype on
something which we're discussing. The immediate plans for this in future
releases are not settled nor guaranteed. But from a purely technical
standpoint I think it is important to invite more people to the discussion in the
spirit of open source.
So why make a prototype? There is a driving demand to leave SHA-1 based
algorithms behind and start using SHA-2 based algorithms. There is a
proof of concept on attacking SHA-1 which is a year or two old, but I
haven't found anything similar to an exploit though. On the other hand,
it is important to be ahead of the game in the land of cryptography.
>
> Was the current (double SHA2) security found flawed?
There is no evidence that it is flawed and there is no evidence of
successful cryptographic attacks.
> Or you just like it salted?
Yes. It is supposed to make it more difficult to construct MySQL-specific
rainbow tables.
>
> Or (conspiracy theory) it's a way to prevent open source MySQL clients
> (or servers) to talk to commercial MySQL servers (or clients)?
> No, it doesn't look like it.
>
Nope. We both want everyone to use MySQL, even paranoid governments with
a cryptographic fetish, wouldn't you agree? :)
Regards,
Kristofer