No hacking
Before using my proof of concept, you have to understand that it is in no way
intended to enable or help real-world MySQL password cracking. You must commit to using it
only for test purposes, on already-known passwords.
All other uses are strictly forbidden and could expose you to liability.
Want to know more? Read my secure mysql against password crack page.
MySQL old-password scheme only
The MySQL new-password scheme (41-character fingerprints beginning with an *) seems to be safe at this time:
brute force would need too much time for real-world strong passwords, and storing pre-calculated fingerprints
would take too much space. There seem to be weaknesses in the way SHA-1 is used in MySQL, but no one exploits them.
So you need a MySQL old-password fingerprint, stored in MySQL's "mysql" database (user table, password column),
which is a 16-hex-digit number.
Now you can safely try the proof of concept for cracking old MySQL passwords from their fingerprint.
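
An added example, not part of the original page or of the proof of concept: an audit that tells the two fingerprint formats described above apart and lists the accounts that still carry an old-password fingerprint. It assumes rows exported from the mysql.user table as (user, host, password); the function names are hypothetical, and the '*' + SHA1(SHA1(password)) construction of the new scheme is known MySQL behaviour that this page does not state.

```python
import hashlib
import re

OLD_RE = re.compile(r"[0-9a-fA-F]{16}")      # old scheme: 16 hex digits
NEW_RE = re.compile(r"\*[0-9a-fA-F]{40}")    # new scheme: '*' + 40 hex digits = 41 chars


def classify(fingerprint):
    """Return 'old', 'new', 'empty' or 'unknown' for a password-column value."""
    value = (fingerprint or "").strip()
    if not value:
        return "empty"
    if OLD_RE.fullmatch(value):
        return "old"
    if NEW_RE.fullmatch(value):
        return "new"
    return "unknown"


def new_scheme_fingerprint(password):
    """Assumption (not from the page): '*' + upper-case hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def audit(rows):
    """Return (user, host, reason) for every account that needs attention."""
    reasons = {
        "old": "old-password fingerprint, reset it under the new scheme",
        "empty": "no password set",
        "unknown": "unrecognised fingerprint format",
    }
    findings = []
    for user, host, fingerprint in rows:
        kind = classify(fingerprint)
        if kind in reasons:
            findings.append((user, host, reasons[kind]))
    return findings


# Constructed sample rows (user, host, password column); not real accounts.
SAMPLE_ROWS = [
    ("app", "localhost", new_scheme_fingerprint("constructed-test-value")),
    ("legacy", "%", "0123456789abcdef"),      # constructed 16-hex-digit value
    ("backup", "10.0.0.5", ""),
    ("report", "localhost", "*TRUNCATED"),    # constructed malformed value
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```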