caching_sha2_password Authentication Plugin
With caching SHA256 authentication, the client first sends a SHA256 encrypted password. The MySQL server keeps an in-memory cache of SHA256 keys for successful authentications. When a cache hit occurs, the connection is validated; if not, authentication continues with additional steps, in a process similar to sha256_password.
Possible exchanges for caching SHA256 authentication:
- client sends a SHA-2 encrypted password
- server responds with either OK_Packet, ERR_Packet or a "fast" authentication result
- if fast authentication result
  - if the connection uses SSL (SSLRequest Packet sent)
    - client sends a clear password answer
  - else
    - if the client doesn't know the server RSA public key
      - client sends a public key request
      - server sends a public key response
    - client sends an RSA encrypted password
  - ends with the server sending either OK_Packet or ERR_Packet
SHA-2 encrypted password
Encryption is XOR(SHA256(password), SHA256(seed, SHA256(SHA256(password))))
byte<32> encrypted password
"fast" authentication result
Result of fast authentication.
byte authentication result
A value of 0x03 means authentication succeeded. A value of 0x04 means continue.
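The scramble and the cache check described above, as an added sketch (not MariaDB or MySQL source code). It assumes the cache holds SHA256(SHA256(password)) per user and that the seed is appended after the double hash, as MySQL-compatible clients do; the function names, the dict cache and the sample values are hypothetical.

```python
import hashlib
import hmac

FAST_AUTH_SUCCESS = 0x03    # "fast" authentication result values from the page
FULL_AUTH_CONTINUE = 0x04


def sha256(*parts: bytes) -> bytes:
    digest = hashlib.sha256()
    for part in parts:
        digest.update(part)
    return digest.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_scramble(password: bytes, seed: bytes) -> bytes:
    """Client side: the byte<32> value sent in place of the password."""
    stage1 = sha256(password)
    # Assumed concatenation order: SHA256(SHA256(password)) first, then the seed.
    return xor(stage1, sha256(sha256(stage1), seed))


def server_fast_auth(cache: dict, user: str, seed: bytes, scramble: bytes) -> int:
    """Server side: check the scramble against the in-memory cache."""
    cached = cache.get(user)    # assumed to hold SHA256(SHA256(password))
    if cached is None or len(scramble) != 32:
        return FULL_AUTH_CONTINUE    # cache miss: continue with the longer exchange
    # Undo the XOR to recover the candidate SHA256(password), then re-hash it.
    candidate = xor(scramble, sha256(cached, seed))
    if hmac.compare_digest(sha256(candidate), cached):
        return FAST_AUTH_SUCCESS
    return FULL_AUTH_CONTINUE


if __name__ == "__main__":
    seed = bytes(range(20))                          # constructed sample seed
    cache = {"app": sha256(sha256(b"s3cret-pw"))}    # constructed cache entry
    for attempt in (b"s3cret-pw", b"wrong-pw"):
        result = server_fast_auth(cache, "app", seed, client_scramble(attempt, seed))
        print(attempt, hex(result))
```

A scramble is only valid for the seed it was computed with, so a value captured on one connection does not pass the cache check under a different seed.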
Client clear password answer
string password without encryption
Public key request
The value sent is 0x02, not 0x01 as used by sha256_password.
byte<1> fixed 0x02 value
Public key response
RSA encrypted password
byte<256> RSA encrypted password
RSA encrypted value of XOR(password, seed) using server public key (RSA_PKCS1_OAEP_PADDING).
This page is licensed: CC BY-SA / Gnu FDL