I was reading upon some mysql internals, when going through the mysql.user table in the my mysql shell, I get
mysql> select * from mysql.user limit 1 \G
*************************** 1. row ***************************
Host: localhost
User: root
Password: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
The password is obviously hashed, but why does it begin with the star (asterisk)?
Ok, found about this in the documentation itself.
This was a change introduced in mysql 4.1 so that the earlier password lengths of 16 characters and newer password lengths of 40 characters could be simultaneously supported. The Password column was made 41 bytes (chars) long, and the newer passwords would begin with a mandatory * to identify them.
From the documentation:
Password hashes in the 4.1 format always begin with a “*” character, whereas passwords in the pre-4.1 format never do.
In addition to the password starting with an asterisk, here is algorithm for PASSWORD()
SET @plaintextpassword = 'whatever password you want';
SELECT CONCAT('*',UPPER(SHA1(UNHEX(SHA1(@plaintextpassword)))));
mysql> SET @plaintextpassword = 'whatever password you want';
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT UPPER(SHA1(UNHEX(SHA1(@plaintextpassword)))) PWD_CREATION;
+------------------------------------------+
| PWD_CREATION |
+------------------------------------------+
| D09AF2704D843A5E4E84362830C7EC1CEA40DF8A |
+------------------------------------------+
1 row in set (0.00 sec)
mysql> SELECT PASSWORD(@plaintextpassword) PWD_FUNCTION;
+-------------------------------------------+
| PWD_FUNCTION |
+-------------------------------------------+
| *D09AF2704D843A5E4E84362830C7EC1CEA40DF8A |
+-------------------------------------------+
1 row in set (0.00 sec)
mysql>
I learned this algorithm long ago from Hashing Algorithm in MySQL PASSWORD()
