Question

I have a bit of a plight. My MySQL 4.1.0 database has to be upgraded (1and1), but it seems the application used PASSWORD() for hashing. With the MySQL 5 upgrade, PASSWORD() gives an entirely different result; as such, the passwords can't be correctly read and validated.

OLD_PASSWORD() doesn't seem to encrypt/decrypt to the 4.1.0 version but rather the even earlier 4.0.

What can I do?

Solution

"For compatibility purposes, the old_passwords system variable was added, to enable DBAs and applications control over the hashing method. The default old_passwords value of 0 causes hashing to use the 4.1 method (41-byte hash values), but setting old_passwords=1 causes hashing to use the pre-4.1 method. In this case, PASSWORD() produces 16-byte values and is equivalent to OLD_PASSWORD()"

I suggest forcing everyone to create a new password, validated via email and a random key, and then storing the new passwords with a good method (use something like PHPass or at least bcrypt with salt).
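
The reset flow suggested in the answer, as an added example that is not part of the original answer. PHP is assumed because the answer mentions PHPass; the `users` table layout, the function names, the one-hour expiry and the bcrypt cost of 12 are assumptions, and the e-mail delivery step is left out.

```php
<?php
// Added example. Assumed table: users(id, password_hash, reset_hash, reset_expires).
const RESET_TTL = 3600; // assumed validity window for a reset key, in seconds

// Create the random key that goes into the e-mail. Only its SHA-256 digest is
// stored, so a leaked table does not yield usable reset keys.
function issueResetKey(PDO $db, int $userId): string
{
    $key = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ? WHERE id = ?')
       ->execute([hash('sha256', $key), time() + RESET_TTL, $userId]);
    return $key;
}

// Check the key from the e-mail link and, if valid, store the new password.
function redeemResetKey(PDO $db, int $userId, string $key, string $newPassword): bool
{
    $stmt = $db->prepare('SELECT reset_hash, reset_expires FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_hash'] === null || (int) $row['reset_expires'] < time()) {
        return false; // unknown user, no pending reset, or key expired
    }
    if (!hash_equals($row['reset_hash'], hash('sha256', $key))) {
        return false; // constant-time digest comparison failed
    }
    // bcrypt via password_hash(): a random salt is generated and kept in the hash string.
    $hash = password_hash($newPassword, PASSWORD_BCRYPT, ['cost' => 12]);
    // Clearing reset_hash makes the key single-use; the legacy hash is overwritten.
    return $db->prepare('UPDATE users SET password_hash = ?, reset_hash = NULL,
                         reset_expires = NULL WHERE id = ?')->execute([$hash, $userId]);
}

// Demo on an in-memory SQLite database with one constructed user row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT,
           reset_hash TEXT, reset_expires INTEGER)');
$db->exec("INSERT INTO users (id, password_hash) VALUES (1, 'LEGACY-HASH-PLACEHOLDER')");

$key = issueResetKey($db, 1);
var_dump(redeemResetKey($db, 1, 'not-the-key', 'correct horse battery')); // wrong key
var_dump(redeemResetKey($db, 1, $key, 'correct horse battery'));          // valid key
var_dump(redeemResetKey($db, 1, $key, 'another password'));               // key reused
$stored = $db->query('SELECT password_hash FROM users WHERE id = 1')->fetchColumn();
var_dump(password_verify('correct horse battery', $stored));              // later login check
```

Logins after the reset are checked with `password_verify()` against the stored bcrypt string, so the application no longer depends on the database's PASSWORD() function.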

Licensed under: CC-BY-SA with attribution