List: Internals
From: Eric Day
Date: May 19 2009 7:21pm
Subject: Re: mysql authentication internals
Hi Eric,

The server sends a 20-byte scramble with the first handshake packet
(con->scramble in the code below). The client then does the following
with the plaintext password (con->password):

  SHA1_CTX ctx;
  uint8_t hash_tmp1[SHA1_DIGEST_LENGTH];
  uint8_t hash_tmp2[SHA1_DIGEST_LENGTH];
  uint8_t buffer[SHA1_DIGEST_LENGTH];
  uint32_t x;

  /* First hash the password. Each step starts from a fresh SHA-1 context. */
  SHA1Init(&ctx);
  SHA1Update(&ctx, (uint8_t *)(con->password), strlen(con->password));
  SHA1Final(hash_tmp1, &ctx);

  /* Second, hash the password hash. */
  SHA1Init(&ctx);
  SHA1Update(&ctx, hash_tmp1, SHA1_DIGEST_LENGTH);
  SHA1Final(hash_tmp2, &ctx);

  /* Third, hash the scramble and the double password hash. */
  SHA1Init(&ctx);
  SHA1Update(&ctx, con->scramble, SHA1_DIGEST_LENGTH);
  SHA1Update(&ctx, hash_tmp2, SHA1_DIGEST_LENGTH);
  SHA1Final(buffer, &ctx);

  /* Fourth, xor the last hash against the first password hash. */
  for (x= 0; x < SHA1_DIGEST_LENGTH; x++)
    buffer[x]= buffer[x] ^ hash_tmp1[x];

The 'buffer' is then sent back to the server for verification using
the stored password hash and the same scramble the server sent to
the client.


On Tue, May 19, 2009 at 11:20:56AM -0700, zǝıɹɟǝp ɔıɹǝ wrote:
> can someone explain to me how mysql user authentication happens over
> the network?  i've seen
> but i'm
> wondering more about key exchange, CRAM, etc, SSL aside.  given the
> password hash (as stored in the mysql.user table) and the ability to
> sniff a successful authentication (but not the ability to spoof
> DNS/hijack the connection) how computationally difficult is it to
> compute the password or successfully impersonate the user to mysql?
> thanks,
> eric
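The four steps Eric Day describes, transcribed into Python as an added example (this is not code from the message or from the MySQL/libdrizzle sources), together with the server-side verification the message mentions but does not show. The server keeps only SHA1(SHA1(password)), so it recomputes step three from the scramble it sent and that stored value, undoes the xor to recover the client's SHA1(password), and checks that hashing it once more yields the stored value. The sample password and scrambles are constructed; `demo()` also shows why the scramble must be fresh per connection: a reply captured under one scramble does not verify under another.

```python
# Added example: MySQL-style scramble reply and its server-side check.
# Not from the original message; SHA-1 via the standard library.
import hashlib
import hmac
import os

SHA1_DIGEST_LENGTH = 20  # the scramble is one SHA-1 digest long


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def stored_password_hash(password: bytes) -> bytes:
    """SHA1(SHA1(password)): the value the server keeps and verifies against.
    It equals hash_tmp2 on the client side."""
    return sha1(sha1(password))


def client_scramble_reply(password: bytes, scramble: bytes) -> bytes:
    """Steps one to four from the message, producing the 20-byte 'buffer'."""
    if len(scramble) != SHA1_DIGEST_LENGTH:
        raise ValueError("scramble must be %d bytes" % SHA1_DIGEST_LENGTH)
    hash_tmp1 = sha1(password)            # first: hash the password
    hash_tmp2 = sha1(hash_tmp1)           # second: hash the password hash
    buffer = sha1(scramble + hash_tmp2)   # third: hash scramble || double hash
    # fourth: xor the last hash against the first password hash
    return bytes(a ^ b for a, b in zip(buffer, hash_tmp1))


def server_verify(reply: bytes, scramble: bytes, stored: bytes) -> bool:
    """Server side: knows only `stored` = SHA1(SHA1(password)) and the
    scramble it sent. Recompute step three, strip the xor mask to get the
    client's hash_tmp1 candidate, and check SHA1(candidate) == stored.
    Length checks reject malformed replies; the compare is constant-time."""
    if len(reply) != SHA1_DIGEST_LENGTH or len(scramble) != SHA1_DIGEST_LENGTH:
        return False
    mask = sha1(scramble + stored)
    candidate_hash_tmp1 = bytes(a ^ b for a, b in zip(mask, reply))
    return hmac.compare_digest(sha1(candidate_hash_tmp1), stored)


def new_scramble() -> bytes:
    """What a server should send with the handshake: 20 fresh random bytes."""
    return os.urandom(SHA1_DIGEST_LENGTH)


def demo() -> dict:
    """Constructed walk-through with two distinct, fixed scrambles so the
    result is deterministic: a correct login, a wrong password, and the
    first connection's reply replayed against the second connection's scramble."""
    password = b"correct horse battery"   # constructed sample password
    stored = stored_password_hash(password)
    scramble1 = bytes(range(20))          # constructed, stands in for new_scramble()
    scramble2 = bytes(range(20, 40))      # constructed, a later connection
    reply1 = client_scramble_reply(password, scramble1)
    return {
        "correct_password": server_verify(reply1, scramble1, stored),
        "wrong_password": server_verify(
            client_scramble_reply(b"wrong", scramble1), scramble1, stored),
        "replayed_reply": server_verify(reply1, scramble2, stored),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-17s accepted=%s" % (name, ok))
```

The verification never needs the plaintext password, only the double hash, which is the property that lets the server store SHA1(SHA1(password)) rather than the password itself.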