Bug #67058 Automatic password rehash
Submitted: 2 Oct 2012 20:31
Modified: 5 Oct 2012 18:01
Reporter: Daniël van Eeden
Status: Open
Category: MySQL Server: Security: Privileges
Severity: S4 (Feature request)
Version: 5.6
OS: Any
Assigned to:
CPU Architecture: Any

[2 Oct 2012 20:31] Daniël van Eeden
Description:
Feature request:

When authenticating a user with an old (less secure) password hash, do a transparent rehash. The cleartext password which is needed for this is known during authentication.

This makes it easier to switch to a more secure password.

How to repeat:
See description
[5 Oct 2012 8:57] Hartmut Holzgraefe
The cleartext password is only known to the client, not the server, as hashing already happens on the client side.

What you're suggesting would require a protocol extension and changes in *all* clients.
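
The point above, as an added example that is not part of the bug report or of MySQL's code: a sketch of a challenge-response exchange, assuming the account uses the `mysql_native_password` scheme (the thread does not name the scheme). Function names and the sample password are constructed for illustration; the server ends up holding at most SHA1(password), never the cleartext it would need to compute a hash under a different algorithm.

```python
import hashlib
import os


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stored_hash(password: str) -> bytes:
    """Server-side credential: SHA1(SHA1(password))."""
    return sha1(sha1(password.encode()))


def client_token(password: str, scramble: bytes) -> bytes:
    """Client reply: SHA1(pw) XOR SHA1(scramble + SHA1(SHA1(pw)))."""
    stage1 = sha1(password.encode())
    return xor(stage1, sha1(scramble + sha1(stage1)))


def server_verify(token: bytes, scramble: bytes, stored: bytes):
    """Server check: undo the XOR to get SHA1(pw), then compare its
    SHA1 with the stored value. Returns (ok, recovered SHA1(pw))."""
    stage1 = xor(token, sha1(scramble + stored))
    return sha1(stage1) == stored, stage1


def demo():
    password = "constructed-example-password"  # constructed sample value
    stored = stored_hash(password)
    scramble = os.urandom(20)                  # per-connection challenge
    token = client_token(password, scramble)
    ok, stage1 = server_verify(token, scramble, stored)
    # Login succeeds, the server recovers only SHA1(password), and the
    # cleartext bytes appear nowhere in what the server received or derived.
    cleartext_seen = password.encode() in (token + stage1)
    return ok, stage1 == sha1(password.encode()), cleartext_seen


if __name__ == "__main__":
    print(demo())
```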
[5 Oct 2012 18:01] Daniël van Eeden
Could the client compute and send the new hash?