On Mon, 2011-03-07 at 13:51 +0100, Johan De Meersman wrote: > Umm... I'm no crypto guru, but I've never heard of MD5 having variants, let > alone a salt. MD5 is MD5 is MD5. APR, incidentally, is the Apache Runtime, > afaik - part of the build kit for apache modules. > > I strongly suspect your problem is on another level. > >
Actually, he is correct. Though, the Apache variant of md5 is a chosen improved security method, it really shouldn't be called MD5 since it is not compatible with, well, base MD5 :) http://httpd.apache.org/docs/2.2/misc/password_encryptions.html MD5 "$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm. MD5 $ openssl passwd -apr1 myPassword $apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0 I agree Apache should probably not be calling it MD5. Perhaps it needs renaming and MD5 as we all know it, be, MD5. and for this reason I will xpost to devs list for some clear (maybe) explanation as to why it was called this. I don't think Edward's questioning is unreasonable, given the popularity of LAMP combination, they are touted to work hand in hand, but as he pointed out, they are not, even exampled by openssl wanting -apr1 not -md5 to be compatible, so I can see how this would be a problem with MySQL insert of md5(foo) not be recognised by an Apache md5 wanting. Noel > ----- Original Message ----- > > From: "Edward avanti" <edward.ava...@gmail.com> > > To: my...@lists.mysql.com > > Sent: Monday, 7 March, 2011 5:54:02 AM > > Subject: Re: mysql apache md5 > > > > everything to do with mysql > > I try make it clearer, sorry for not so in first post > > > > customer relationship manager add users into mysql > > we want not to use apache auth of encrypt, but use md5 for longer > > password > > apache use variant of md5, called md5 -apr, but mysql md5 only uses > > the -1 > > type > > so, when CRM add userlike > > INSERT INTO users (..other....`appass`) values (...other... > > 'MD5('$PASS') > > .... > > the md5 -1 that mysql uses is not compatible so apache auth fail. the > > variant is apaprently add > > $apr1$<up to 8 chars>$md5passwordhere, > > making allabove line the salted md5. > > I try to get mysql and apache to play nice, but thy do not because > > mysql and > > apache not use same method, hence my attempt to work around, even SHA > > same > > affect, i am try use anything but DES encrypt('$PASS') > > sadly that only thing that work happily witrh each other. > > openssl have ability to do this so not sure why mysql not have option > > > > Sure someone had same problem and simple work around to have mysql > > use > > correct md5, but no google fu work > > > > -- > Bier met grenadyn > Is als mosterd by den wyn > Sy die't drinkt, is eene kwezel > Hy die't drinkt, is ras een ezel >
signature.asc
Description: This is a digitally signed message part
