ed25519 authentication plugin
MariaDB starting with 10.1.22
The ed25519 plugin was first released in MariaDB-10.1.22.
MySQL has used SHA-1 based authentication since version 4.1. Since MariaDB-5.2 this authentication method has been called "mysql_native_password". Over the years computers became faster and new attacks on SHA-1 were developed. Nowadays SHA-1 is no longer considered as secure as it was in 2001. That is why the ed25519 plugin was created.
The ed25519 plugin uses the Elliptic Curve Digital Signature Algorithm to securely store users' passwords and to authenticate users. The particular algorithm, ed25519, is the same one that OpenSSH uses (where it is called the ed25519 key type), and it is based on an elliptic curve and code created by Daniel J. Bernstein.
From the user's point of view, it is conventional password-based authentication.
If the plugin is not installed, you need to install it first:
INSTALL SONAME 'auth_ed25519';
At the moment the PASSWORD() function and SET PASSWORD statement do not work with ed25519 authentication. Use the UDF that comes with the plugin:
CREATE FUNCTION ed25519_password RETURNS STRING SONAME "auth_ed25519.so";
Now you can calculate a password hash as
SELECT ed25519_password("secret");
+---------------------------------------------+
| SELECT ed25519_password("secret");          |
+---------------------------------------------+
| ZIgUREUg5PVgQ6LskhXmO+eZLS0nC8be6HPjYWR4YJY |
+---------------------------------------------+
and use it to create a user:
CREATE USER safe IDENTIFIED VIA ed25519 USING 'ZIgUREUg5PVgQ6LskhXmO+eZLS0nC8be6HPjYWR4YJY';
Then connect as usual:
mysql --user=safe --password=secret
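The following Python sketch is an added example, not code from MariaDB or from this page. It shows why the value passed to USING is not password-equivalent: the server keeps only a public key and checks a signature over a nonce it chose. The derivation (scalar from the clamped low half of SHA-512(password), stored value as unpadded base64 of the public key, client signing a 32-byte server nonce) is an assumption about how the plugin works that the page does not spell out, and all function names are illustrative.

```python
import base64, hashlib

P, L = 2**255 - 19, 2**252 + 27742317777372353535851937790883648493  # field prime, group order
D = -121665 * pow(121666, -1, P) % P  # curve constant d

def recover_x(y, sign):  # solve the curve equation for x with the given parity
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    root = pow(x2, (P + 3) // 8, P)
    for x in (root, root * pow(2, (P - 1) // 4, P) % P):
        if (x * x - x2) % P == 0:
            return x if x & 1 == sign else P - x
    raise ValueError("not a curve point")

def add(p, q):  # complete affine addition, also used for doubling
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P)

def mul(k, p, r=(0, 1)):  # double-and-add from the neutral element; not constant time
    while k:
        r, p, k = (add(r, p) if k & 1 else r), add(p, p), k >> 1
    return r

def enc(p):  # little-endian y with the parity of x in the top bit
    return (p[1] | (p[0] & 1) << 255).to_bytes(32, "little")

BASE = (recover_x(4 * pow(5, -1, P) % P, 0), 4 * pow(5, -1, P) % P)

def keypair(password):  # assumed: scalar = clamped low half of SHA-512(password)
    h = hashlib.sha512(password.encode()).digest()
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, h[32:], enc(mul(a, BASE))

def ed25519_password(password):  # assumed stored form: unpadded base64 public key
    return base64.b64encode(keypair(password)[2]).decode().rstrip("=")

def sign(password, nonce):  # client: sign the server's random nonce
    a, prefix, pub = keypair(password)
    r = int.from_bytes(hashlib.sha512(prefix + nonce).digest(), "little") % L
    R = enc(mul(r, BASE))
    h = int.from_bytes(hashlib.sha512(R + pub + nonce).digest(), "little") % L
    return R + ((r + h * a) % L).to_bytes(32, "little")

def verify(stored, nonce, sig):  # server: needs only the stored public key
    pub = base64.b64decode(stored + "=")
    y = int.from_bytes(pub, "little")
    A = (recover_x(y % 2**255, y >> 255), y % 2**255)
    h = int.from_bytes(hashlib.sha512(sig[:32] + pub + nonce).digest(), "little") % L
    return enc(add(mul(int.from_bytes(sig[32:], "little"), BASE), mul(L - h, A))) == sig[:32]
```

Under these assumptions `ed25519_password("secret")` returns the hash used in the CREATE USER statement above. The derivation has no per-user salt, so two accounts with the same password get identical stored values, which is worth checking for when reviewing the user table.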