1 of 1

Connecting via caching_sha2_password

This plugin implements the caching_sha2_password authentication method, using an in-memory cache for fast authentication or RSA encryption for full verification.

Overview

Caching SHA256 first sends an SHA256-encrypted password. MySQL server has an in-memory cache of SHA256 key for successful authentication. When a cache hit occurs, the connection is validated, if not, using some more steps to a process similar to sha256_password.

Caching SHA256 authentication possible exchanges:

Client sends an .
Server result is either , , or .
If fast authentication result:

Authentication

SHA-2 Encrypted Password

Encryption is XOR(SHA256(password), SHA256(seed, SHA256(SHA256(password)))).

encrypted password.

"Fast" Authentication Result

Result of fast authentication.

authentication result.

0x03 value means success authentication. 0x04 value means continue.

Client Clear Password Answer

password without encryption.

Public Key Request

fixed 0x02 value.

Public Key Response

fixed 0x01 value.
public key data.

RSA Encrypted Password

RSA encrypted password.

RSA encrypted value of XOR (password, seed) using server public key (RSA_PKCS1_OAEP_PADDING).

_{This page is licensed: CC BY-SA / Gnu FDL}