[Gllug] [OT] MySQL experts?
Paul Brazier
pbrazier at cosmos-uk.co.uk
Wed Feb 20 16:38:57 UTC 2002
> > I think you can actually connect to a MySQL database even
> if you only
> > know the encrypted form of the passwords i.e. without having
> > to reverse
> > the password encryption.
> > So only 16^3 possibilities to try? ;)
>
> Not in my version. I imagine it doing the de-encryption on
> the encrypted
> password and coming up with some spectacular results. Can
> anyone remind me
> of the technical term for crypto that gets un encrypted on the next
> encryption (breathe).
This is from http://www.mysql.com/doc/U/s/User_names.html :
"MySQL encrypts passwords using a different algorithm than the one used
during the Unix login process. See the descriptions of the PASSWORD()
and ENCRYPT() functions in section 6.3.6.2 Miscellaneous Functions. Note
that even if the password is stored 'scrambled', and knowing your
'scrambled' password is enough to be able to connect to the MySQL
server!"
unless I'm misinterpreting it?
Paul.
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the originator.
This footnote also confirms that this email message has been checked
for the presence of computer viruses.
**********************************************************************
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list