MySQL Password Hashing

This page describes a technical detail of our MySQL database system that most customers don’t need to worry about. It’s here to assist advanced customers who need to know technical details about how our MySQL servers are set up.

About hashed passwords

When you create a new MySQL database or change a MySQL database password, the MySQL software doesn’t actually store the password you type. For security it instead stores a “hashed” version of that password.

Current versions of MySQL store the hashed password in a different format than older versions. For example, if you choose the password “mypass”, MySQL stores that as “*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4” (the MySQL documentation calls this a “long hash”) — but older versions stored the same password as “6f8c114b58f2ce9e” (a “short hash”).

Hashed password incompatibilities

The different password hashing formats can cause incompatibilities described on the MySQL password hashing page. In particular:

That means it’s impossible for a database to support connections from both types of clients. Each database has to use one of these hashing methods and accept the fact that some client software will not be able to connect to that database.

Which hashing method does Tiger Technologies use?

We use “long hashes” when you create a new database or change the password of an existing database. This makes sure that all current client software, including copies of PHP that use “mysqlnd” (including PHP running on our servers), can connect without problems.

However, we used “short hashes” before November 28, 2011. We attempted to convert all old short hashes to long hashes by extracting a copy of the plaintext password from a database configuration file on your site (such as a WordPress “wp-config.php” file) if possible, but a very small number of older databases may still use short hashes.

This usually doesn’t cause any problems. However, if:

  • you created a database on our servers before 2012; and
  • you haven’t changed the password since then; and
  • your site doesn’t store the plaintext version of the password so we can update it

... then you may see an error saying “mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication” (in this context, “insecure authentication” means a “short password hash”).

If this happens, you can convert your database to use a “long hash”. Simply “change” your MySQL password and use the same password that the database already has. The same password will be re-saved as a “long hash” instead of a “short hash”.