How to speed up password lookup in MySQL database?

M

MFriqk2020-01-01 13:53:56

MySQL

MFriqk, 2020-01-01 13:53:56

I have a table with more than 100.000.000 data. And there are indexes. So if you search by index, then the search is fast, it finds it in just ~ 0.5 seconds, but what if you search for unknown data? In my case, this is a password check with a specific hash (sha256). For example here is my query

SELECT * FROM `table` WHERE SHA2(CONCAT(`password`, 'sail'), 256) IN ('113b504a25551317e26fa6e5551d9aa5ad60097c1c58c4210e2aa6898676307d');

It converts the password from the database and the salt to sha256 and checks. Is it possible to speed it up somehow? For the request takes more than 20 minutes
And if you execute

SELECT IF (
  '113b504a25551317e26fa6e5551d9aa5ad60097c1c58c4210e2aa6898676307d' = 
  SHA2(`password`+"sail",256), '1', '0') AS "TEST"
  FROM table;

, then the request is completed in ~0.4 sec, But this is not what you need :(

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrey Ezhgurov, 2020-01-01
@eandr_67

The database should not have the password in plaintext - only the hash. Otherwise, an attacker who has received a database dump will be able to log in on behalf of any user.
And the hash should not be SHA, but specially designed for passwords.
And yes, Dr. Bacon is right: the user is selected from the database by login, and the password is checked not by the database, but by the server code.

D

Dr. Bacon, 2020-01-01
@bacon

Why search by password? It is necessary to search by login and this entry has to check the password.

M

MFriqk, 2020-01-01
@MFriqk

I just have a base to decrypt the password. And not just a database with users.