passlib.hash.mysql323 - MySQL 3.2.3 password hash¶
This algorithm is extremely weak, and should not be used for any purposes besides manipulating existing Mysql 3.2.3-4.0 password hashes.
This class implements the first of MySQL’s password hash functions,
used to store its user account passwords. Introduced in MySQL 3.2.3
under the function
PASSWORD(), this function was renamed
OLD_PASSWORD() under MySQL 4.1, when a newer password
hash algorithm was introduced (see
Users will most likely find the frontends provided by
to be more useful than accessing this class directly.
That aside, this class can be used as follows:
>>> from passlib.hash import mysql323 >>> # encrypt password >>> mysql323.encrypt("password") '5d2e19393cc5ef67' >>> # verify correct password >>> mysql323.verify("password", '5d2e19393cc5ef67') True >>> mysql323.verify("secret", '5d2e19393cc5ef67') False
Format & Algorithm¶
A mysql-323 password hash consists of 16 hexadecimal digits, directly encoding the 64 bit checksum. MySQL always uses lower-case letters, and so does Passlib (though Passlib will recognize upper case letters as well).
The algorithm used is extremely simplistic, for details, see the source implementation in the footnotes .
Lacking any sort of salt, ignoring all whitespace, and having a simplistic algorithm that amounts to little more than a checksum, this is not secure, and should not be used for any purpose but verifying existing MySQL 3.2.3 - 4.0 password hashes.
|||Source of implementation used by Passlib - http://djangosnippets.org/snippets/1508/|
|||Mysql document describing transition - http://dev.mysql.com/doc/refman/4.1/en/password-hashing.html|