List:General Discussion« Previous MessageNext Message »
From:Carsten H. Pedersen Date:January 29 2002 4:43pm
Subject:RE: MySQL PASSWORD function
View as plain text  
> Hi all,
> 
> I can't find a description of the algorithm used in the mySQL PASSWROD 
> function. I understand it's a hashing algorithm of some kind, but I 
> don't know which algorithm (and I suspect it's *not* MD5.)
> 
> Can anyone tell me what algorithm PASSWORD uses? The reason I ask is 
> that we're trying to implement role-based security using our existing 
> MySQL table of users, accessed via Java Servlet auth functions, which 
> can read the User table through JDBC. BUT.... they don't know anything 
> about PASSWORD-encrypted passwords, so I need to write something that 
> hashes the password entered in the same way MySQL hashes a password (or 
> abandon the use of servlet auth :-)
> 
> Any clues?

How about using the PASSWORD function directly?

SELECT PASSWORD('thepassword'), Password 
FROM user
WHERE User='username';

-- if they match, the unencrypted password matches.
Alternatively, 

SELECT PASSWORD('thepassword')=Password 
FROM user
WHERE User='username';

will return 1 on a match, 0 on non-match (watch out for
nonexisting usernames).

/ Carsten
--
Carsten H. Pedersen
keeper and maintainer of the bitbybit.dk MySQL FAQ
http://www.bitbybit.dk/mysqlfaq


Thread
MySQL PASSWORD functionJohn Kemp29 Jan
  • Re: MySQL PASSWORD functionDan Nelson29 Jan
  • Re: MySQL PASSWORD functionSinisa Milivojevic29 Jan
  • Re: MySQL PASSWORD functionChris Wilson29 Jan
  • RE: MySQL PASSWORD functionCarsten H. Pedersen29 Jan