If you are still running the old MySQL authentication plugin, mysql_native_password (the default in MySQL 5.7 and older), then you need to migrate to something better.
The mysql_native_password plugin (also used in MariaDB) is based on SHA1. That hash function simply isn’t good enough anymore unless the minimum password length is much longer than the current default of 8 characters.
Why this paranoia, you ask? Rainbow tables, the technology driving cheaper and bigger disk storage, and the machine learning/deep learning boom driving GPU performance.
Rainbow tables come into play once you realize that storing pre-computed hashes for every possible plain text password quickly consumes a lot of disk space: they trade some extra computation for far less storage.
- This site https://www.freerainbowtables.com/ used donated time to build huge rainbow tables.
- This site http://project-rainbowcrack.com/table.htm shows how to build your own tables.
Task 6: Use a stronger authentication plugin than the mysql_native_password.
Check SQL:
SELECT plugin, COUNT(*) FROM mysql.user GROUP BY plugin;
The Fix:
- In MySQL land, upgrade to MySQL 8.0 and the caching_sha2_password authentication plugin.
- In MariaDB land, change to use the ed25519 plugin.
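The check and the two fixes, carried through as one session. This is an added example and not from the original post: it assumes a MySQL 8.0 server for the caching_sha2_password part and a MariaDB 10.4 or later server for the ed25519 part, and the account name, host pattern and password are placeholders.

```sql
-- Added example (not from the original post). Assumptions: MySQL 8.0 for step 2,
-- MariaDB 10.4+ for step 3; 'app_user'@'10.0.0.%' and the password are placeholders.

-- 1. Inventory: which plugins are in use, and which accounts still use the weak one?
SELECT plugin, COUNT(*) AS accounts
FROM mysql.user
GROUP BY plugin;

SELECT user, host
FROM mysql.user
WHERE plugin = 'mysql_native_password';

-- 2. MySQL 8.0: confirm the server default, then move each account over.
--    The stored hash is replaced, so a new password has to be supplied.
SHOW VARIABLES LIKE 'default_authentication_plugin';

ALTER USER 'app_user'@'10.0.0.%'
  IDENTIFIED WITH caching_sha2_password BY 'REPLACE_WITH_NEW_PASSWORD';

-- 3. MariaDB 10.4+: load the ed25519 plugin once, then switch the account.
INSTALL SONAME 'auth_ed25519';

ALTER USER 'app_user'@'10.0.0.%'
  IDENTIFIED VIA ed25519 USING PASSWORD('REPLACE_WITH_NEW_PASSWORD');

-- 4. Re-run the inventory: the mysql_native_password row should now be gone.
SELECT plugin, COUNT(*) AS accounts
FROM mysql.user
GROUP BY plugin;
```

Both migrations invalidate the old hash, so each application owner needs the new password, and the client side must support the new plugin: caching_sha2_password needs an 8.0-era connector or libmysqlclient, and ed25519 needs the MariaDB client_ed25519 plugin available to the connecting client. Test one account with the real application connector before converting the rest.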
Until next time.