[thelist] md5 hashed password problem

Hassan Schroeder hassan.schroeder at gmail.com
Wed Aug 15 09:15:00 CDT 2007


On 8/15/07, Bob Meetin - 303-926-0167 - www.dottedi.biz
<bobm at dottedi.biz> wrote:

> In moving a registration system from a shared hosting provider to
> another I ran into a problem with the passwords not authenticating.

> select * from members where login='some_member' AND
> password=PASSWORD('entered_password')
> select * from members where login='some_member' -->> this returns a record

> RESPONSE FROM SUPPORT:
>
> "This is because each server has an md5 function that deciphers hashed passwords such as this.

> OK - this seems reasonable as an explanation

And yet it's wildly wrong, as this page will tell you:
<http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html#function_password>

MySQL doesn't use MD5 for password encryption. Aside from the fact
that MD5 is one-way -- no "decipher" available :-)

In a case like this, it would helpful to know what versions of MySQL
were involved, but I'll go out on a limb and guess they're different :-)
Have you tried using

select * from members where login='some_member' AND
   password=OLD_PASSWORD('entered_password')

If you have access to both systems, you can easily confirm whether
their encryption is different by doing something on each  like
   SELECT PASSWORD("bananas")
and comparing the results.

HTH,
-- 
Hassan Schroeder ------------------------ hassan.schroeder at gmail.com



More information about the thelist mailing list