
caching_sha2_password Authentication Plugin

Caching SHA256 first sends a SHA-256 scrambled password. The MySQL server keeps an in-memory cache of SHA-256 keys from successful authentications. On a cache hit the connection is validated; on a miss, additional steps follow a process similar to sha256_password.

Caching SHA256 authentication possible exchanges:

  • client sends a SHA-2 encrypted password

  • server responds with either OK_Packet, ERR_Packet, or a "fast" authentication result

  • if "fast" authentication result

    • if the connection uses SSL (SSLRequest Packet sent)

      • client sends a clear password answer

    • else

      • if the client doesn't know the server RSA public key

        • client sends a public key request

        • server sends a public key response

      • client sends an RSA encrypted password

      • ends with the server sending either OK_Packet or ERR_Packet

SHA-2 encrypted password

Encryption is XOR(SHA256(password), SHA256(seed, SHA256(SHA256(password))))

  • byte<32> encrypted password

"fast" authentication result

Result of the fast authentication step.

  • byte authentication result

The value 0x03 means successful authentication. The value 0x04 means continue (proceed with the rest of the exchange).

Client clear password answer

  • string password, sent without encryption

Public key request

The value sent is 0x02, not 0x01 as sha256_password uses.

  • byte<1> fixed 0x02 value

Public key response

  • byte<1> fixed 0x01 value

  • byte public key data

RSA encrypted password

  • byte<256> RSA encrypted password

RSA-encrypted value of XOR(password, seed), encrypted with the server public key using RSA_PKCS1_OAEP_PADDING.
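The following is an added example, not code from this page or from the MariaDB/MySQL code base: it shows the client scramble, the server-side cache check that produces the 0x03/0x04 "fast" result, and the XOR(password, seed) value that feeds the RSA step. The concatenation order inside the hash (SHA256(SHA256(password)) followed by the seed) and the NUL terminator appended before the XOR are taken from the MySQL implementation and are assumptions relative to this page's notation.

```python
import hashlib
import hmac
from typing import Dict, Optional

FAST_AUTH_SUCCESS = 0x03   # "fast" result: cache hit, server then sends OK_Packet
FAST_AUTH_CONTINUE = 0x04  # "fast" result: cache miss, full exchange follows


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_scramble(password: bytes, seed: bytes) -> bytes:
    """Client side: XOR(SHA256(password), SHA256(SHA256(SHA256(password)) || seed)).
    Hash order (double hash first, then seed) follows the MySQL implementation (assumption)."""
    stage1 = sha256(password)            # SHA256(password)
    stage2 = sha256(stage1)              # SHA256(SHA256(password)): what the server caches
    return xor_bytes(stage1, sha256(stage2 + seed))   # the 32-byte value on the wire


def server_fast_auth(cache: Dict[str, bytes], user: str,
                     scramble: bytes, seed: bytes) -> Optional[int]:
    """Server side. Returns 0x03 (fast success), 0x04 (continue) or None (ERR_Packet).
    The cache holds only stage2, which suffices to verify the scramble without the password."""
    cached_stage2 = cache.get(user)
    if cached_stage2 is None:
        return FAST_AUTH_CONTINUE
    stage1 = xor_bytes(scramble, sha256(cached_stage2 + seed))   # strip the XOR mask
    return FAST_AUTH_SUCCESS if hmac.compare_digest(sha256(stage1), cached_stage2) else None


def server_full_auth(cache: Dict[str, bytes], user: str,
                     password: bytes, expected: bytes) -> bool:
    """Full path after 0x04: the server now sees the password (clear text over SSL, or
    RSA-decrypted) and, on success, fills the cache so the next connection takes the fast path.
    The credential check is a constructed direct compare, standing in for the real account store."""
    if not hmac.compare_digest(password, expected):
        return False
    cache[user] = sha256(sha256(password))
    return True


def xor_password_with_seed(password: bytes, seed: bytes) -> bytes:
    """Plaintext for the RSA step: XOR(password, seed), with the seed repeated as needed.
    The trailing NUL follows MySQL's implementation (assumption, not stated on this page)."""
    buf = password + b"\x00"
    return bytes(c ^ seed[i % len(seed)] for i, c in enumerate(buf))
```

A wrong password against a cached entry yields None (ERR_Packet) rather than 0x04, so a cache miss and a bad credential are distinguishable on the server side only.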

This page is licensed: CC BY-SA / Gnu FDL