The Passlib documentation has moved to https://passlib.readthedocs.io
passlib.hash.mysql41 - MySQL 4.1 password hash
Danger
This algorithm is not considered secure by modern standards. It should only be used when verifying existing hashes, or when interacting with applications that require this format. For new code, see the list of recommended hashes.
This class implements the second of MySQL's password hash functions, used to store its user account passwords. Introduced in MySQL 4.1.1 under the function PASSWORD(), it replaced the previous algorithm (mysql323) as the default used by MySQL, and is still in active use under MySQL 5.
Users will most likely find the frontends provided by passlib.apps
to be more useful than accessing this class directly.
See also
- password hash usage – for examples of how to use this class via the common hash interface.
- passlib.apps – for a list of premade mysql contexts.
Interface
class passlib.hash.mysql41
This class implements the MySQL 4.1 password hash, and follows the PasswordHash API.
It has no salt and a single fixed round.
The hash() and genconfig() methods accept no optional keywords.
Format & Algorithm
A mysql-41 password hash consists of an asterisk * followed by 40 hexadecimal digits, directly encoding the 160 bit checksum.
An example hash (of "password") is *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19.
MySQL always uses upper-case letters, and so does Passlib (though Passlib will recognize lower-case letters as well).
The checksum is calculated simply, as the SHA1 hash of the SHA1 hash of the password, which is then encoded into hexadecimal.
Security Issues
Lacking any sort of salt, and using only 2 rounds of the common SHA1 message digest, it’s not very secure, and should not be used for any purpose but verifying existing MySQL 4.1+ password hashes.
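The format and the missing salt described above can be seen in a few lines of standard-library Python. This is an added example, not Passlib's own code: the function names and the sample accounts are constructed for illustration, and text passwords are assumed to be encoded as UTF-8. It recomputes the hash for verifying existing values and shows how, without a salt, an audit of stored hashes reveals accounts that share a password.

```python
import hashlib
import hmac
import re

# Format from the page: "*" followed by 40 hex digits (160-bit checksum).
_MYSQL41_RE = re.compile(r"\*[0-9A-Fa-f]{40}")


def mysql41_hash(password):
    """Return '*' + upper-case hex of SHA1(SHA1(password))."""
    if isinstance(password, str):
        password = password.encode("utf-8")  # assumption: text is UTF-8 encoded
    inner = hashlib.sha1(password).digest()  # raw 20-byte digest, not its hex form
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def mysql41_identify(value):
    """True if value has the mysql41 layout (either letter case is accepted)."""
    return _MYSQL41_RE.fullmatch(value) is not None


def mysql41_verify(password, stored):
    """Check a password against an existing hash using a constant-time compare."""
    if not mysql41_identify(stored):
        raise ValueError("not a mysql41 hash")
    return hmac.compare_digest(mysql41_hash(password), stored.upper())


def shared_passwords(accounts):
    """Group account names by hash: with no salt, equal hashes mean equal passwords."""
    groups = {}
    for user, stored in accounts.items():
        groups.setdefault(stored.upper(), []).append(user)
    return {h: sorted(users) for h, users in groups.items() if len(users) > 1}


# Constructed sample data: two accounts with the same password, one stored lower-case.
SAMPLE_ACCOUNTS = {
    "alice": mysql41_hash("password"),
    "bob": mysql41_hash("password").lower(),
    "carol": mysql41_hash("a different passphrase"),
}

if __name__ == "__main__":
    print(mysql41_hash("password"))
    print(shared_passwords(SAMPLE_ACCOUNTS))
```

A salted scheme would give alice and bob different stored values, so the grouping step would find nothing.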