| Bug #47254 | Password() Password_OLD() return same hash | ||
|---|---|---|---|
| Submitted: | 10 Sep 2009 15:10 | Modified: | 10 Sep 2009 15:58 |
| Reporter: | Steve Wilson | Email Updates: | |
| Status: | Not a Bug | Impact on me: | |
| Category: | MySQL Server | Severity: | S2 (Serious) |
| Version: | 5.1.37 | OS: | Linux (Fedora Core 11) |
| Assigned to: | CPU Architecture: | Any | |
| Tags: | Password hashing | ||
[10 Sep 2009 15:49]
Valeriy Kravchuk
Please, send the results of: show global variables like 'old%'; from your server.
[10 Sep 2009 15:53]
Steve Wilson
'old', 'OFF' 'old_alter_table', 'OFF' 'old_passwords', 'ON'
[10 Sep 2009 15:58]
Valeriy Kravchuk
If old_passwords is ON, this is not a bug, but documented behavior. Please, check http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html.
Description: Discovered this when trying to access via PHP and mysqlnd. Checked user table, and found all passwords stored as 16-bit hash. Checked table structure, and the width of the password field is 41-bit. But select password('fred'), old_password('fred') returns '0569ef75321b8fed' for both fields. I cannot set my passwords to 41-bit hashing, and thus cannot use mysqlnd on this server. Have run mysql_update. I'm pretty sure this server was built originally as MySQL 5.x, so I'm unclear why this is happening. How to repeat: select password('fred'), old_password('fred')