From: Ed Carp
Date: March 22 1999 3:45pm
Subject: Re: user database question
List-Archive: http://lists.mysql.com/mysql/771
Message-Id: <007901be747a$fd08d840$74c9a8c0@traveler.airmail.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

>Why does mysql use the same salt everytime it encrypts
>a user password inserted into the user database with
>the GRANT... command?
>
>(at least it seems to do so -- 2 users with the same
> password gets the same password entry in the
> "user" datasbase)


It doesn't.  In fact, it doesn't use the crypt() function at all - it uses a
variant of XOR, which is trivial to break.