MySQL 41 byte Password Hashes

Post by MrMeek » Mon Mar 07, 2011 3:13 pm

I am experimenting with a MySQL connector (https://launchpad.net/myconnpy) that requires the use of post-MySQL 4.1 (41 byte) password hashes (http://dev.mysql.com/doc/refman/5.5/en/ ... shing.html). OSDial <= 2.2.9 is configured out of the box to use old passwords. Will configuring mysqld for old_passwords=0 interfere with any of the OSDial processes? (Pretty sure Perl won't be affected as the MySQL DBI module should respect this change as well, ... but there's still a bunch of stuff under the hood I haven't had time to pick apart yet.)

Is there any reason the old 16 byte hashing method has been chosen as the default? (Compatibility with pre MySQL 4.1 clients?)
MrMeek
 
Posts: 8
Joined: Mon Mar 07, 2011 2:24 pm
Location: FL

Re: MySQL 41 byte Password Hashes

Post by sentm » Tue Mar 08, 2011 10:01 am

At one time it was a problem with the Perl (DBD::mysql) client libraries. However, this has not been revisited in a very long time. I wish I could say for certain that setting old_passwords=0 would work...but I can't.

Please, give it a shot. Don't forget to reset the osdial user password in MySQL with whatever you have in /etc/osdial.conf.
Code:
mysql
use mysql;
update user set password=PASSWORD('osdial1234') where user='osdial';
flush privileges;
exit


As long as you can still run one of the Perl scripts (try /opt/osdial/bin/osdial_astgen.pl) and access the web UI, everything should work fine. You may want to restart all of the OSDial processes as well (/opt/osdial/bin/osdial-killall.sh).

If it still does not work, keep old_passwords=0 and try the following:
Code:
mysql
use mysql;
update user set password=OLD_PASSWORD('osdial1234') where user='osdial';
flush privileges;
exit


The latter of the two methods will run old_passwords=0, except for the user specified in the SQL statement.
sentm
 
Posts: 87
Joined: Wed May 26, 2010 10:53 pm
Location: Orlando, FL
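
Added example (not part of the original posts and not OSDial code): a Python check for confirming which accounts ended up with 41 byte hashes after the reset described above, and that the stored hash matches the password in /etc/osdial.conf. The rows are constructed sample data shaped like the output of SELECT user, host, password FROM mysql.user; the "report" account and the 16 byte hash value are made up.

```python
import hashlib
import re

NEW_FORMAT = re.compile(r"\*[0-9A-Fa-f]{40}")   # 41 bytes: '*' + 40 hex digits
OLD_FORMAT = re.compile(r"[0-9A-Fa-f]{16}")     # 16 bytes: pre-4.1 hash


def native_hash(password):
    """What PASSWORD() returns with old_passwords=0: '*' + HEX(SHA1(SHA1(pw)))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def classify(stored):
    """Name the format of one value from the mysql.user password column."""
    if stored == "":
        return "empty"
    if NEW_FORMAT.fullmatch(stored):
        return "4.1+"
    if OLD_FORMAT.fullmatch(stored):
        return "pre-4.1"
    return "unknown"


def audit(rows, expected=None):
    """Return (user, host, format, matches) for every row.

    expected maps user -> cleartext password (e.g. the one in /etc/osdial.conf);
    matches is True/False for 4.1+ hashes of those users and None otherwise.
    """
    expected = expected or {}
    report = []
    for user, host, stored in rows:
        fmt = classify(stored)
        matches = None
        if fmt == "4.1+" and user in expected:
            matches = stored.upper() == native_hash(expected[user])
        report.append((user, host, fmt, matches))
    return report


# Constructed rows, shaped like: SELECT user, host, password FROM mysql.user;
SAMPLE_ROWS = [
    ("osdial", "localhost", native_hash("osdial1234")),  # reset with PASSWORD()
    ("osdial", "%", "0123456789abcdef"),                 # made-up 16-byte hash
    ("report", "localhost", ""),                         # hypothetical account
]

if __name__ == "__main__":
    for row in audit(SAMPLE_ROWS, {"osdial": "osdial1234"}):
        print(row)
```

Any row reported as "pre-4.1" or "empty" is an account a connector that requires 41 byte hashes will not be able to log in with.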

