[MDEV-9804] Implement a sha256_password / caching_sha256_password plugin Created: 2016-03-28 Updated: 2023-03-03 |
|
| Status: | Open |
| Project: | MariaDB Server |
| Component/s: | Authentication and Privilege System |
| Fix Version/s: | N/A |
| Type: | Task | Priority: | Major |
| Reporter: | Colin Charles | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 9 |
| Labels: | compat80 |
| Issue Links: |
|
| Description |
|
In MySQL 5.6 and 5.7, you have the option of using the SHA256 password algorithm. The current method (mysql_native_password) leverages SHA1 and this has been proven to be no longer as secure as one would expect today. Find out more here:
|
| Comments |
| Comment by Sergei Golubchik [ 2017-03-22 ] |
|
Still needed for MySQL compatibility, but as far as security is concerned, we have a secure ed25519 plugin as an alternative to the old SHA1 auth. |
| Comment by Otto Kekäläinen [ 2023-03-03 ] |
|
If a security certification specifically asks for something related to this, such as one in particular I was reading the other day that requires support for SCRAM-SHA-384/512, this plugin might be useful (though it would need a higher hash key length). However, it seems that most security certifications also accept the ed25519 (~EdDSA ~ECDSA) with the key lengths MariaDB already has, so the utility of sha256_password in MariaDB might be very marginal. |