MySQL Password Hashing

This page describes a technical detail of our MySQL database system that most customers don’t need to worry about. It’s here to assist advanced customers who need to know technical details about how our MySQL servers are set up.

About hashed passwords

When you create a new MySQL database or change a MySQL database password, the MySQL software doesn’t actually store the password you type. For security it instead stores a “hashed” version of that password.

Current versions of MySQL store the hashed password in a different format than older versions. For example, if you choose the password “mypass”, MySQL stores that as “*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4” (the MySQL documentation calls this a “long hash”) — but older versions stored the same password as “6f8c114b58f2ce9e” (a “short hash”).

Hashed password incompatibilities

The different password hashing formats can cause the incompatibilities described on the MySQL password hashing page. In particular:

  • Old MySQL client software designed for MySQL versions before 4.1.1 cannot connect to databases that use long hashes.
  • New MySQL client software using the “mysqlnd” system introduced in PHP 5.3 cannot connect to databases that use short hashes. (Our PHP installations don’t use mysqlnd, but custom PHP copies you download or build may do so.)

This presents a problem, because it’s impossible to support both types of clients. The server needs to pick one of these hashing methods and accept the fact that some other clients will not be able to connect.

Which hashing method does Tiger Technologies use?

We use “long hashes” when you create a new database or change the password of an existing database. This makes sure that all current client software, including copies of PHP that use “mysqlnd”, can connect without problems. The trade-off is that very old client software may not be able to connect.

We used “short hashes” before November 28, 2011. This usually doesn’t cause any problems. However, if you created a database on our servers before that date, and you try to connect to it using a custom copy of PHP (perhaps from another company’s server), you may see an error saying “mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication” (in this context, “insecure authentication” means a “short password hash”).

If this happens, you can convert your database to use a “long hash”. Simply “change” your MySQL password and use the same password that the database already has. The same password will be re-saved as a “long hash” instead of a “short hash”.
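
The two formats described under “About hashed passwords” can be reproduced and told apart with a short script. This is an added example, not code from Tiger Technologies or MySQL: it implements both hash formats in Python, checks them against the “mypass” values quoted above, and lists which accounts still hold a short hash and so need the re-save described here. The function names and the sample account names are assumptions made for the illustration.

```python
import hashlib
import re

def long_hash(password: str) -> str:
    """Long format (MySQL 4.1+): '*' + uppercase hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def short_hash(password: str) -> str:
    """Short format (before 4.1): two 31-bit words printed as 16 hex digits."""
    nr, nr2, add = 1345345333, 0x12345671, 7
    for c in password.encode():
        if c in (0x20, 0x09):  # the old algorithm ignores spaces and tabs
            continue
        nr ^= (((nr & 63) + add) * c + (nr << 8)) & 0xFFFFFFFF
        nr2 = (nr2 + ((nr2 << 8) ^ nr)) & 0xFFFFFFFF
        add += c
    return "%08x%08x" % (nr & 0x7FFFFFFF, nr2 & 0x7FFFFFFF)

def hash_format(stored: str) -> str:
    """Classify a stored hash by its shape alone; no password is needed."""
    if re.fullmatch(r"\*[0-9A-Fa-f]{40}", stored):
        return "long"
    if re.fullmatch(r"[0-9A-Fa-f]{16}", stored):
        return "short"
    return "unknown"

def needs_resave(rows):
    """Accounts still on a short hash, which mysqlnd clients cannot use."""
    return [account for account, stored in rows if hash_format(stored) == "short"]

# Constructed sample rows (account names are hypothetical); both hashes are
# the page's own values for the password "mypass".
SAMPLE_ROWS = [
    ("shop_db", "*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4"),
    ("blog_db", "6f8c114b58f2ce9e"),
]

if __name__ == "__main__":
    print(long_hash("mypass"))
    print(short_hash("mypass"))
    print(needs_resave(SAMPLE_ROWS))
```

The short format carries only 62 bits of state and no salt, which is why newer clients label it “old insecure authentication”; the long format is recognisable by its leading asterisk and 40 hex digits.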