linux
kacang, 2015-10-16 09:34:10

How is the encrypt() function implemented in MySQL?

MySQL's encrypt() is often used to store passwords in a database.
The docs say that (on Linux) crypt() is used with a random salt. The crypt docs, in turn, say that it uses DES by default. So what happens? 56-bit DES with some private key plus a 12-bit salt? Not enough somehow.
Am I understanding everything correctly?


3 answer(s)
kacang, 2015-10-16
@kacang

Actually, I tried it. That's right: the default is DES 56 + 12-bit salt. I didn't see any options for using stronger ciphers with MySQL.
For completeness of the answer I will add:
1. The key is the data passed to MySQL encrypt(), but only the first 8 bytes. Of each byte, the bottom 7 bits are used. 8 * 7 = 56 bits.
2. Data to be encrypted: zeros.
3. Salt: randomly chosen by MySQL. Two bytes from (a-z, A-Z, 0-9, ., /). 64 possible characters twice: 64^2 = 4096 = 2^12 = 12 bits.

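#define _XOPEN_SOURCE       /* See feature_test_macros(7) */
#include <unistd.h>         /* declares crypt() when _XOPEN_SOURCE is defined */

#include <stdio.h>

int main(void) {
    const char *salt = "Vx";     /* two-character salt selects traditional DES */
    const char *key = "hello";

    /* crypt() returns NULL on failure, so check before printing */
    const char *hash = crypt(key, salt);
    if (hash == NULL) {
        perror("crypt");
        return 1;
    }

    /* expecting: VxuFAJXVARROc */
    printf("crypt: %s\n", hash);
    return 0;
}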

$ gcc main.c -lcrypt
$ ./a.out
crypt: VxuFAJXVARROc

Axian Ltd., 2015-10-16
@AxianLTD

What happened to search engines? https://dev.mysql.com/doc/refman/5.5/en/encryption...

Alexey Skobkin, 2015-10-16
@skobkin

Encrypts str using the Unix crypt() system call and returns a binary string. The salt argument must be a string with at least two characters or the result will be NULL. If no salt argument is given, a random value is used.

man7.org/linux/man-pages/man3/crypt.3.html
If salt is a character string starting with the characters
"$id$" followed by a string terminated by "$":
$id$salt$encrypted
then instead of using the DES machine, id identifies the
encryption method used and this then determines how the rest
of the password string is interpreted. The following values
of id are supported:
ID  | Method
─────────────────────────────────────────────────────────
1   | MD5
2a  | Blowfish (not in mainline glibc; added in some
    | Linux distributions)
5   | SHA-256 (since glibc 2.7)
6   | SHA-512 (since glibc 2.7)

"salt" stands for the up to 16 characters following "$id$" in
the salt. The encrypted part of the password string is the
actual computed password. The size of this string is fixed:
MD5     | 22 characters
SHA-256 | 43 characters
SHA-512 | 86 characters

The characters in "salt" and "encrypted" are drawn from the
set [a-zA-Z0-9./]. In the MD5 and SHA implementations the
entire key is significant (instead of only the first 8 bytes
in DES).
That is, logically, you can encrypt with something other than DES, but only if you specify it explicitly.
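Added example, not part of the original thread and not MySQL or glibc code: a C sketch for auditing stored ENCRYPT()/crypt() values. It classifies a string by the "$id$salt$encrypted" layout and lengths quoted in the answer above, and shows the first-8-bytes, low-7-bits key truncation described in the first answer. The names `classify`, `des_effective_key` and `enum scheme` are hypothetical; the passwords in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum scheme { S_INVALID, S_DES, S_MD5, S_BLOWFISH, S_SHA256, S_SHA512 };

static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/* Length of the leading run of characters from [a-zA-Z0-9./]. */
static size_t b64_run(const char *s) { return strspn(s, B64); }

/* Classify a stored crypt(3) string by the "$id$salt$encrypted" layout. */
enum scheme classify(const char *h) {
    static const struct { const char *id; size_t enc; enum scheme s; } t[] = {
        { "$1$", 22, S_MD5 }, { "$5$", 43, S_SHA256 }, { "$6$", 86, S_SHA512 },
    };
    if (h[0] != '$')                 /* traditional DES: 2 salt + 11 hash chars */
        return (strlen(h) == 13 && b64_run(h) == 13) ? S_DES : S_INVALID;
    if (strncmp(h, "$2a$", 4) == 0)  /* body layout is not given on the page */
        return S_BLOWFISH;
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++) {
        if (strncmp(h, t[i].id, 3) != 0) continue;
        const char *salt = h + 3;
        /* Optional "rounds=N$" field of glibc SHA-crypt; not in the excerpt. */
        if (t[i].s != S_MD5 && !strncmp(salt, "rounds=", 7) && strchr(salt, '$'))
            salt = strchr(salt, '$') + 1;
        size_t n = b64_run(salt);    /* salt: up to 16 characters */
        if (n > 16 || salt[n] != '$') return S_INVALID;
        const char *enc = salt + n + 1;
        return (strlen(enc) == t[i].enc && b64_run(enc) == t[i].enc)
                   ? t[i].s : S_INVALID;
    }
    return S_INVALID;
}

/* Effective 56-bit DES key: first 8 bytes, low 7 bits of each, zero padded. */
uint64_t des_effective_key(const char *pw) {
    uint64_t k = 0;
    size_t len = strlen(pw);
    for (size_t i = 0; i < 8; i++)
        k = (k << 7) | (uint64_t)(i < len ? (pw[i] & 0x7f) : 0);
    return k;
}

int main(void) {
    /* Hash taken from the answer above; the two passwords are constructed. */
    printf("scheme=%d\n", classify("VxuFAJXVARROc"));
    printf("same key=%d\n", des_effective_key("password1") == des_effective_key("password2"));
    return 0;
}
```

Any row that classifies as `S_DES` was hashed with at most 56 bits of password material, so two passwords that share their first 8 characters verify against the same stored value.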
