caching_sha2_password authentication plugin
With caching SHA256 authentication, the client first sends a SHA256 encrypted password. The MySQL server keeps an in-memory cache of SHA256 keys for successful authentications. On a cache hit, the connection is validated; otherwise, authentication continues with additional steps, in a process similar to sha256_password.
Possible exchanges for caching SHA256 authentication:
- client sends a SHA-2 encrypted password
- server responds with either OK_Packet, ERR_Packet or a "fast" authentication result
- if fast authentication result
  - if the connection uses SSL (SSLRequest Packet sent)
    - client sends a clear password answer
  - else
    - if the client doesn't know the server RSA public key
      - client sends a public key request
      - server sends a public key response
    - client sends an RSA encrypted password
  - ends with the server sending either OK_Packet or ERR_Packet
SHA-2 encrypted password
Encryption is XOR(SHA256(password), SHA256(seed, SHA256(SHA256(password))))
- byte<32> encrypted password
"fast" authentication result
Result of fast authentication.
- byte<lenenc> authentication result
A value of 0x03 means successful authentication. A value of 0x04 means continue.
Client clear password answer
- string<NUL> password without encryption
Public key request
The value sent is 0x02, not 0x01 as sha256_password uses.
- byte<1> fixed 0x02 value
Public key response
RSA encrypted password
- byte<256> RSA encrypted password
RSA encrypted value of XOR(password, seed) using the server's public key (RSA_PKCS1_OAEP_PADDING).
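The client side of the exchange above, written as a decision function. This is an added example, not code from MariaDB or any connector: `client_replies`, `xor_with_seed`, the `rsa_encrypt` and `fetch_key` callables and the `allow_key_request` flag are hypothetical names, and the seed is assumed to repeat when the password is longer than it.

```python
FAST_AUTH_SUCCESS = 0x03      # "fast" authentication result: success
FAST_AUTH_CONTINUE = 0x04     # "fast" authentication result: continue
PUBLIC_KEY_REQUEST = b"\x02"  # sha256_password uses 0x01 for this request


def xor_with_seed(password: bytes, seed: bytes) -> bytes:
    """XOR(password, seed). Assumption: the seed repeats over long passwords."""
    return bytes(b ^ seed[i % len(seed)] for i, b in enumerate(password))


def client_replies(result, password, seed, *, tls, rsa_encrypt,
                   server_key=None, fetch_key=None, allow_key_request=False):
    """Return, in order, the packets the client sends after the fast
    authentication result. rsa_encrypt(key, data) and fetch_key(request)
    are hypothetical callables supplied by the caller."""
    if result == FAST_AUTH_SUCCESS:
        return []  # cache hit: the client sends nothing more
    if result != FAST_AUTH_CONTINUE:
        raise ValueError(f"unexpected fast authentication result: {result:#04x}")
    if tls:
        # Clear password answer, string<NUL>. Only reachable on an SSL connection.
        return [password + b"\x00"]
    sent = []
    if server_key is None:
        # A key fetched over a non-SSL connection is unauthenticated, so this
        # sketch makes the caller opt in (hypothetical flag, an added precaution).
        if not allow_key_request:
            raise PermissionError("server RSA public key unknown, key request not allowed")
        sent.append(PUBLIC_KEY_REQUEST)
        server_key = fetch_key(PUBLIC_KEY_REQUEST)  # public key response
    sent.append(rsa_encrypt(server_key, xor_with_seed(password, seed)))
    return sent


if __name__ == "__main__":
    # Constructed sample values; fake_rsa stands in for RSA_PKCS1_OAEP_PADDING.
    seed = bytes(range(1, 21))
    fake_rsa = lambda key, data: b"RSA[" + data + b"]"
    print(client_replies(0x04, b"secret", seed, tls=True, rsa_encrypt=fake_rsa))
    print(client_replies(0x04, b"secret", seed, tls=False, rsa_encrypt=fake_rsa,
                         fetch_key=lambda req: b"PEM", allow_key_request=True))
```

The clear password branch is reachable only when `tls` is true, which mirrors the rule in the exchange list that the clear password answer is sent on SSL connections only.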