This page will help you to differentiate the two hashing methods used in MySQL databases (all versions).
The biggest change was done with version 4.1, when they introduced a stronger hashing algorithm based on SHA-1.
The Original (Pre-4.1) Hashing Method
Prior to MySQL v4.1, password hashes computed by the PASSWORD() function are 16 bytes long. Such hashes look like this:
mysql_3.23> SELECT PASSWORD('mypass');
| PASSWORD('mypass') |
| 6f8c114b58f2ce9e |
This hash is commonly called "mysql323" as this is the last version of MySQL to use this kind of hash.
The 4.1 (and upper) Hashing Method
MySQL 4.1 introduced password hashing that provided better security and reduced the risk of passwords being intercepted. There were several aspects to this change:
- Different format of password values produced by the PASSWORD() function
- Widening of the Password column
- Control over the default hashing method
- Control over the permitted hashing methods for clients attempting to connect to the server
- Password hashes in the 4.1 format always begin with a “*” character, whereas passwords in the pre-4.1 format never do.
The changes in MySQL 4.1 took place in two stages:
The longer password hash format has better cryptographic properties, and client authentication based on long hashes is more secure than that based on the older short hashes.
To accommodate longer password hashes, the Password column in the user table was changed at this point to be 41 bytes, its current length.
For developpers, a MySQL hash can be computed with :
// PHP code
$sha1_hex = sha1(sha1($string,true);
How to crack those hashes
You can paste your mysql323 hash (16-bytes) or MySQl 4.1/5+ hashes (40-bytes, without '*' !) in our system.
Note : This website can crack 100% of your "MySQL323" 16-bytes hashes. Bruteforce or/and collision are used.