On Mon, 2011-03-07 at 13:51 +0100, Johan De Meersman wrote:
Umm... I'm no crypto guru, but I've never heard of MD5 having variants, let alone a salt. MD5 is MD5 is MD5. APR, incidentally, is the Apache Runtime, afaik - part of the build kit for apache modules.

I strongly suspect your problem is on another level.

Actually, he is correct. Though, the Apache variant of md5 is a chosen improved security method, it really shouldn't be called MD5 since it is not compatible with, well, base MD5 :)


"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm.


$ openssl passwd -apr1 myPassword

I agree Apache should probably not be calling it MD5. Perhaps it needs renaming and MD5 as we all know it, be, MD5.

and for this reason I will xpost to devs list for some clear (maybe) explanation as to why it was called this.

I don't think Edward's questioning is unreasonable, given the popularity of LAMP combination, they are touted to work hand in hand, but as he pointed out, they are not, even exampled by openssl wanting -apr1  not -md5 to be compatible, so I can see how
this would be a problem with MySQL insert of md5(foo)  not be recognised by an Apache md5 wanting.


----- Original Message -----
> From: "Edward avanti" <edward.avanti@gmail.com>
> To: mysql@lists.mysql.com
> Sent: Monday, 7 March, 2011 5:54:02 AM
> Subject: Re: mysql apache md5
> everything to do with mysql
> I try make it clearer, sorry for not so in first post
> customer relationship manager add users into mysql
> we want not to use apache auth of encrypt, but use md5 for longer
> password
> apache use variant of md5, called md5 -apr, but mysql md5  only uses
> the -1
> type
> so, when CRM add userlike
> INSERT INTO users  (..other....`appass`) values  (...other...
> 'MD5('$PASS')
>   ....
> the md5 -1 that mysql uses is not compatible so apache auth fail. the
> variant is apaprently add
> $apr1$<up to 8 chars>$md5passwordhere,
> making allabove line the salted md5.
> I try to get mysql and apache to play nice, but thy do not because
> mysql and
> apache not use same method, hence my attempt to work around, even SHA
> same
> affect, i am try use anything but DES encrypt('$PASS')
> sadly that only thing that work happily witrh each other.
> openssl have ability to do this so not sure why mysql not have option
> Sure someone had same problem and simple work around to have mysql
> use
> correct md5, but no google fu work

Bier met grenadyn
Is als mosterd by den wyn
Sy die't drinkt, is eene kwezel
Hy die't drinkt, is ras een ezel