[Basic] Password storage in MySQL 5.6

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Environment:

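CentOS 6.8 x86_64

MySQL 5.6 Community Edition

SELECT user, host, password FROM mysql.user WHERE user = 'rpl';

+------+------+-------------------------------------------+
| user | host | password                                  |
+------+------+-------------------------------------------+
| rpl  | %    | *624459C87E534A126498ADE1B12E0C66EDA035A3 |
+------+------+-------------------------------------------+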

According to the documentation, MySQL computes the stored password as follows:

MySQL applies SHA1 twice, with one unhex in between, to hash the user's password.

The algorithm can be expressed by the formula: password_str = concat('*', sha1(unhex(sha1(password))))

Experimental verification:

SELECT password('rpl'), concat('*', sha1(unhex(sha1('rpl'))));

You can see that the two calculated passwords are the same.
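
The formula above, carried over to Python as an added example (not code from the original article): the hash function mirrors the sha1, unhex, sha1 steps, and a small audit over constructed mysql.user rows flags accounts whose password equals the user name, which is possible because the hash has no salt. The names mysql_native_hash, matches, audit and SAMPLE_ROWS are assumptions of this example, as is UTF-8 encoding of the password; MySQL prints the hex digits in upper case, while sha1() returns them in lower case.

```python
import hashlib
import hmac


def mysql_native_hash(password: str) -> str:
    """concat('*', sha1(unhex(sha1(password)))), formatted as PASSWORD() prints it."""
    stage1_hex = hashlib.sha1(password.encode("utf-8")).hexdigest()  # sha1(password)
    stage1_raw = bytes.fromhex(stage1_hex)                           # unhex(...)
    stage2_hex = hashlib.sha1(stage1_raw).hexdigest()                # sha1(...)
    return "*" + stage2_hex.upper()


def matches(stored: str, candidate: str) -> bool:
    """Constant-time, case-insensitive comparison of a stored hash and a candidate."""
    expected = mysql_native_hash(candidate).encode()
    return hmac.compare_digest(stored.strip().upper().encode(), expected)


def audit(rows):
    """Return (user, host, finding) for accounts that need a password change."""
    findings = []
    for user, host, stored in rows:
        if not stored:
            findings.append((user, host, "empty password"))
        elif len(stored) != 41 or not stored.startswith("*"):
            findings.append((user, host, "not a 41-character native hash"))
        elif matches(stored, user):
            findings.append((user, host, "password equals user name"))
    return findings


# Constructed sample rows in (user, host, password) order; none come from a real server.
SAMPLE_ROWS = [
    ("rpl_demo", "%", mysql_native_hash("rpl_demo")),     # password == user name
    ("app", "10.0.0.%", mysql_native_hash("Abcd@1234")),  # not flagged by this audit
    ("legacy", "localhost", "0123456789abcdef"),          # constructed 16-character value
    ("anon", "localhost", ""),                            # no password set
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```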

Security of MySQL 5.6 passwords

In testing on 5.6.34, executing the statement create user abc@'%' identified by 'Abcd@1234'; does not write the plaintext password to the binlog.

According to the official documentation, none of the following statements record the plaintext password:

CREATE USER ... IDENTIFIED BY ...

GRANT ... IDENTIFIED BY ...

SET PASSWORD ...

SLAVE START ... PASSWORD = ... (as of 5.6.4)

CREATE SERVER ... OPTIONS (... PASSWORD ...) (as of 5.6.9)

ALTER SERVER ... OPTIONS (... PASSWORD ...) (as of 5.6.9)

However, if you look closely, you will find that when configuring a master-slave environment, the slave node executes something like the following:

CHANGE MASTER TO
  MASTER_HOST='192.168.2.11',
  MASTER_USER='rpl',
  MASTER_PASSWORD='rpl',
  MASTER_PORT=3306,
  MASTER_LOG_FILE='mysql-bin.000012',
  MASTER_LOG_POS=500;

This produces a warning.

This is because the CHANGE MASTER TO operation still records the password in plaintext.
