List: Internals
From: Kristofer Pettersson
Date: May 27 2011 10:14am
Subject: Re: Why SHA256+salt authentication ?
Sergei Golubchik skrev 2011-05-27 11:24:
> Just curious, why do you guys want new authentication plugin
> that uses sha256 and salt?

It is important to realize that this code is just a prototype of
something which we're discussing. The immediate plans for this in future
releases are not settled nor guaranteed. But from a purely technical
standpoint I think it is important to invite more people to the discussion
in the spirit of open source.

So why make a prototype? There is a driving demand to leave SHA-1 based
algorithms behind and start using SHA-2 based algorithms. There is a
proof of concept on attacking SHA-1 which is a year or two old, but I
haven't found anything similar to an exploit though. On the other hand,
it is important to be ahead of the game in the land of cryptography.

> 
> Was the current (double SHA2) security found flawed?

There is no evidence that it is flawed and there is no evidence of
successful cryptographic attacks.

> Or you just like it salted?

Yes. It is supposed to make it more difficult to construct MySQL-specific
rainbow tables.

> 
> Or (conspiracy theory) it's a way to prevent open source MySQL clients
> (or servers) to talk to commercial MySQL servers (or clients)?
> No, it doesn't look like it.
> 

Nope. We both want everyone to use MySQL, even paranoid governments with
a cryptographic fetish, wouldn't you agree? :)

Regards,
Kristofer
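
The point about salt and precomputed tables, as an added example that is not part of the original message or of the MySQL prototype: a plain lookup table stands in for a rainbow table, and it shows that moving from SHA-1 to SHA-256 alone does not stop table reuse, while a per-account salt does. The `salt || password` layout, the function names, the accounts and the word list are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

def double_sha1(password):
    # Unsalted SHA1(SHA1(password)): same password, same hash, on every server.
    return hashlib.sha1(hashlib.sha1(password.encode()).digest()).hexdigest()

def sha256_hash(password, salt=b""):
    # Hypothetical layout for this example: SHA-256 over salt || password.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_table(wordlist, hash_fn):
    # Computed once, then reusable against any store using the same unsalted hash.
    return {hash_fn(word): word for word in wordlist}

def table_hits(stored, table):
    # Accounts recovered by plain lookup, with no hashing at lookup time.
    return {user: table[h] for user, h in stored.items() if h in table}

def verify_salted(password, salt, expected):
    return hmac.compare_digest(sha256_hash(password, salt), expected)

# Constructed sample data: two accounts share one weak password.
ACCOUNTS = {"alice": "sunshine", "bob": "sunshine", "carol": "Tr0ub4dor&3"}
WORDLIST = ["123456", "password", "sunshine"]

def demo():
    salts = {user: os.urandom(16) for user in ACCOUNTS}  # fresh salt per account
    sha1_store = {u: double_sha1(p) for u, p in ACCOUNTS.items()}
    plain256_store = {u: sha256_hash(p) for u, p in ACCOUNTS.items()}
    salted_store = {u: sha256_hash(p, salts[u]) for u, p in ACCOUNTS.items()}
    sha1_table = build_table(WORDLIST, double_sha1)
    sha256_table = build_table(WORDLIST, sha256_hash)
    return {
        "sha1_hits": table_hits(sha1_store, sha1_table),
        "plain256_hits": table_hits(plain256_store, sha256_table),
        "salted_hits": table_hits(salted_store, sha256_table),
        "salted_hashes_differ": salted_store["alice"] != salted_store["bob"],
        "login_ok": verify_salted("sunshine", salts["alice"], salted_store["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Both unsalted stores give up the shared password to a single table built in advance; the salted store yields no hits from that table, yet a normal login check still succeeds.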