Chris Bornhoft Chris Bornhoft - 1 month ago 12
MySQL Question

Equivalent OLD_PASSWORD function with MySQL 5.7.5+

I'm working with a legacy codebase here that currently uses

OLD_PASSWORD()
as a simple hashing function. This codebase now needs to connect to a database running the newest revision of MySQL 5.7.

The equivalent of
PASSWORD()
seems to be:
UPPER(SHA1(UNHEX(SHA1(password))))
.

Is there a similar equivalent to
OLD_PASSWORD()
?

Answer

It appears there is no equivalent to OLD_PASSWORD() using MySQL functions except if the server allows globals to be set. By executing the query SET @@global.old_passwords = 1;, under a user with super permissions, the PASSWORD() function then hashes passwords using the OLD_PASSWORD() algorithm.

If, like in our case above, you do not have a super user (Google CloudSQL does not support them), then a replacement algorithm is needed. Below are replacements for different languages:

C | Perl | PHP | Python

Disclaimer: MySQL's password functions are a joke in modern day security and should not be used if at all possible. In addition, I'm not responsible for any head asploding after taking a look at the algorithms above!