From: Dan Nelson
Date: January 29 2002 4:35pm
Subject: Re: MySQL PASSWORD function
List-Archive: http://lists.mysql.com/mysql/97857
Message-Id: <20020129163521.GD92289@dan.emsphone.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

In the last episode (Jan 29), John Kemp said:
> Hi all,
> 
> I can't find a description of the algorithm used in the mySQL PASSWROD 
> function. I understand it's a hashing algorithm of some kind, but I 
> don't know which algorithm (and I suspect it's *not* MD5.)

The algorithm is in the sql/password.c file.
 
> Can anyone tell me what algorithm PASSWORD uses? The reason I ask is 
> that we're trying to implement role-based security using our existing 
> MySQL table of users, accessed via Java Servlet auth functions, which 
> can read the User table through JDBC. BUT.... they don't know anything 
> about PASSWORD-encrypted passwords, so I need to write something that 
> hashes the password entered in the same way MySQL hashes a password (or 
> abandon the use of servlet auth :-)

Just have mysql do it:

select (PASSWORD('thepassword') = password) from user where user='theuser';

will return 1 if 'theuser's password is 'thepassword', and 0 otherwise.


-- 
	Dan Nelson
	dnelson@stripped