Question

I see that MySQL 5.5 allows use of SHA-2() for setting passwords, and that straight MD5 hashes are insecure and should no longer be used (ditto for default PASSWORD function).

Before I go UPDATE happy and change a bunch of passwords, how does MySQL know which algorithm to use to check my supplied password? Does it magically know what algorithm was used to encrypt the user's password, or do we specify this in the conf file?

UPDATE: I tested with a new account to see what happens. Using PASSWORD('mypass') works; however, applying SHA1('mypass') results in that account not being able to log in.


Solution

Probably by the length of the hash stored in the table. An MD5 hash would be 128 bits, a SHA1 hash would be 160 bits, and a SHA2 hash would be at least 224 bits.
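
The following is an added example, not part of the original question or answer. It reproduces in Python what PASSWORD() and SHA1() return for the same input and classifies each stored value by prefix and length, which shows why the SHA1('mypass') account in the question's update could not log in. It assumes the account uses the mysql_native_password format (the 4.1+ PASSWORD() output); the function names are hypothetical.

```python
import hashlib
import hmac

HEX = set("0123456789abcdefABCDEF")

def sha1_hex(password: str) -> str:
    """What SHA1('...') returns in SQL: 40 lowercase hex characters."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def mysql_native_password(password: str) -> str:
    """What PASSWORD('...') returns in the 4.1+ format:
    '*' followed by the uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def classify_stored_hash(value: str) -> str:
    """Guess a stored hash's format from its prefix and length."""
    if len(value) == 41 and value[0] == "*" and set(value[1:]) <= HEX:
        return "mysql_native_password"
    if not value or not set(value) <= HEX:
        return "unknown"
    bits = len(value) * 4  # each hex character encodes 4 bits
    names = {128: "MD5", 160: "SHA-1", 224: "SHA-224", 256: "SHA-256",
             384: "SHA-384", 512: "SHA-512"}
    return names.get(bits, "unknown")

def stored_value_matches(stored: str, supplied: str) -> bool:
    """Simplified check (assumption: the real login is a challenge-response
    built on this same stored value): does the column hold PASSWORD(supplied)?"""
    expected = mysql_native_password(supplied)
    return hmac.compare_digest(stored.encode("utf-8"), expected.encode("utf-8"))

if __name__ == "__main__":
    # Constructed sample values mirroring the test in the question's update.
    samples = [("PASSWORD('mypass')", mysql_native_password("mypass")),
               ("SHA1('mypass')", sha1_hex("mypass"))]
    for label, stored in samples:
        print(label, len(stored), classify_stored_hash(stored),
              stored_value_matches(stored, "mypass"))
```
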

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow