MySQL 4 password hashing -> MySQL 5

Time: 2021-06-14 06:20:26

I have a bit of a plight. My MySQL 4.1.0 database has to be upgraded (1and1), but it seems the application used PASSWORD() for hashing. With the MySQL 5 upgrade, PASSWORD() gives an entirely different result; as such, the passwords can't be correctly read and validated.

OLD_PASSWORD() doesn't seem to encrypt/decrypt to the 4.1.0 version but rather the even earlier 4.0.

What can I do?

1 solution

#1


0  

"For compatibility purposes, the old_passwords system variable was added, to enable DBAs and applications control over the hashing method. The default old_passwords value of 0 causes hashing to use the 4.1 method (41-byte hash values), but setting old_passwords=1 causes hashing to use the pre-4.1 method. In this case, PASSWORD() produces 16-byte values and is equivalent to OLD_PASSWORD()"

I suggest forcing everyone to create a new password, validated via email and a random key, and then store the new passwords with a good method (use something like PHPass or at least bcrypt with salt).
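
A sketch of the migration the answer describes, added here as an example and not part of the original post: it sorts stored values into the two formats the quoted documentation names, verifies the 41-byte form in the application (the 4.1 method is `*` plus the uppercase hex of SHA1(SHA1(password))), and issues a single-use reset key for everything else. Function names, the token lifetime and the sample rows are assumptions.

```python
import hashlib, hmac, secrets, time

HEX = set("0123456789abcdefABCDEF")
RESET_TTL = 3600  # assumed token lifetime in seconds

def mysql41_hash(password: str) -> str:
    """4.1 method: '*' + uppercase hex of SHA1(SHA1(password)), 41 bytes total."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def classify(stored: str) -> str:
    """Sort a stored value into the formats named in the quoted documentation."""
    if len(stored) == 41 and stored[0] == "*" and set(stored[1:]) <= HEX:
        return "mysql41"   # can be checked in the application at next login
    if len(stored) == 16 and set(stored) <= HEX:
        return "pre41"     # pre-4.1 format: force a reset
    return "unknown"       # anything else: force a reset

def verify_mysql41(password: str, stored: str) -> bool:
    """Check a login against a 41-byte legacy hash without calling PASSWORD()."""
    return classify(stored) == "mysql41" and hmac.compare_digest(
        mysql41_hash(password), stored.upper())

def issue_reset(now=None):
    """Return (key to e-mail, record to store); only a digest of the key is kept."""
    token = secrets.token_urlsafe(32)
    record = {"digest": hashlib.sha256(token.encode()).hexdigest(),
              "expires": (now or time.time()) + RESET_TTL, "used": False}
    return token, record

def redeem_reset(token: str, record: dict, now=None) -> bool:
    """Accept a key once, before expiry, using a constant-time comparison."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    ok = (not record["used"] and (now or time.time()) <= record["expires"]
          and hmac.compare_digest(digest, record["digest"]))
    if ok:
        record["used"] = True  # caller now stores the new password with bcrypt
    return ok

# Constructed sample rows (not from the page)
ROWS = {"alice": mysql41_hash("correct horse"),
        "bob": "0123456789abcdef",
        "carol": "not-a-known-format"}

def plan(rows: dict) -> dict:
    return {user: classify(value) for user, value in rows.items()}

if __name__ == "__main__":
    print(plan(ROWS))
```

Accounts classified `mysql41` can also be moved to the new scheme at their next successful login, since that is the one moment the application holds the plaintext.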