MySQL password format

In recent versions of MySQL (4.1 and later), the default format is a 40-character hash:

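mysql> select password("");
+-------------------------------------------+
| password("")                              |
+-------------------------------------------+
| *3E04A027486FB53129AC5812D2CF8E4062899311 |
+-------------------------------------------+
1 row in set (0.00 sec)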

This hash is the result of applying SHA1 twice to the string we pass in. The second pass runs over the binary hash, not over its hexadecimal string, as we can see in the MySQL source code:

/*
    MySQL 4.1.1 password hashing: SHA conversion (see RFC 2289, 3174) twice
    applied to the password string, and then produced octet sequence is
    converted to hex string.
    The result of this function is used as return value from PASSWORD() and
    is stored in the database.
    buf       OUT buffer of size 2*SHA1_HASH_SIZE + 2 to store hex string
    password  IN  password string
    pass_len  IN  length of password string
*/

void my_make_scrambled_password(char *to, const char *password,
                                size_t pass_len)
{
  SHA1_CONTEXT sha1_context;
  uint8 hash_stage2[SHA1_HASH_SIZE];

  mysql_sha1_reset(&sha1_context);
  /* stage 1: hash password */
  mysql_sha1_input(&sha1_context, (uint8 *) password, (uint) pass_len);
  mysql_sha1_result(&sha1_context, (uint8 *) to);
  /* stage 2: hash stage1 output */
  mysql_sha1_reset(&sha1_context);
  mysql_sha1_input(&sha1_context, (uint8 *) to, SHA1_HASH_SIZE);
  /* separate buffer is used to pass 'to' in octet2hex */
  mysql_sha1_result(&sha1_context, hash_stage2);
  /* convert hash_stage2 to hex string */
  *to++= PVERSION41_CHAR;
  octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
}

We can reproduce it by combining the SHA1() and UNHEX() functions:

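mysql> select sha1(unhex(sha1("")));
+------------------------------------------+
| sha1(unhex(sha1("")))                    |
+------------------------------------------+
| 3e04a027486fb53129ac5812d2cf8e4062899311 |
+------------------------------------------+
1 row in set (0.00 sec)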
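
The same two-stage computation outside the server, as an added example (not code from MySQL or from the original page). It also validates the stored format and shows why hashing the hex text in the second stage gives a different value; the function names and the sample password "password" are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re

# '*' marker (PVERSION41_CHAR in the C source) followed by 40 hex digits.
_HASH_RE = re.compile(r"\*[0-9A-Fa-f]{40}")


def mysql41_hash(password: bytes) -> str:
    """Return '*' + HEX(SHA1(SHA1(password))), the format described above."""
    stage1 = hashlib.sha1(password).digest()   # 20 raw bytes, not hex text
    stage2 = hashlib.sha1(stage1).digest()     # second pass over the raw bytes
    return "*" + stage2.hex().upper()


def wrong_hex_variant(password: bytes) -> str:
    """Common mistake: second SHA1 over the hex text of the first (no UNHEX)."""
    stage1_hex = hashlib.sha1(password).hexdigest().encode("ascii")
    return "*" + hashlib.sha1(stage1_hex).hexdigest().upper()


def parse_stored_hash(stored: str) -> bytes:
    """Validate the 41-character format and return the 20 raw hash bytes."""
    if not _HASH_RE.fullmatch(stored):
        raise ValueError("not a MySQL 4.1+ password hash")
    return bytes.fromhex(stored[1:])


def verify(password: bytes, stored: str) -> bool:
    """Constant-time comparison of a candidate password with a stored hash."""
    expected = parse_stored_hash(stored)
    actual = parse_stored_hash(mysql41_hash(password))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample input: the password "password".
    stored = mysql41_hash(b"password")
    print(stored)
    print(verify(b"password", stored), verify(b"Password", stored))
    # The hex-text variant does not match what the server stores.
    print(wrong_hex_variant(b"password") == stored)
    # No salt is involved: the same password always yields the same hash.
    print(mysql41_hash(b"password") == stored)
    # The hash shown on this page is a well-formed value (20 raw bytes).
    print(len(parse_stored_hash("*3E04A027486FB53129AC5812D2CF8E4062899311")))
```

Because the scheme has no salt, two accounts with the same password carry identical hashes, which is worth checking for when reviewing stored credentials.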