MySQL 8 password encryption guide
Many encryption and compression functions return strings for which the result might contain arbitrary byte values. If you want to store these results, use a column with a 6 or 7 binary string data type. This avoids potential problems with trailing space removal or character set conversion that would change data values, such as may occur if you use a nonbinary string data type (8, 9, 0).

Some encryption functions return strings of ASCII characters: 1, 2, 3, 4, 5, 6. Their return value is a string that has a character set and collation determined by the 7 and 8 system variables. This is a nonbinary string unless the character set is 9.

If an application stores values from a function such as 1 or 3 that returns a string of hex digits, more efficient storage and comparisons can be obtained by converting the hex representation to binary using 2 and storing the result in a 3) column. Each pair of hexadecimal digits requires one byte in binary form, so the value of 4 depends on the length of the hex string. 4 is 16 for an 1 value and 20 for a 3 value. For 4, 4 ranges from 28 to 32 depending on the argument specifying the desired bit length of the result.

The size penalty for storing the hex string in a 8 column is at least two times, up to eight times if the value is stored in a column that uses the 1 character set (where each character uses 4 bytes). Storing the string also results in slower comparisons because of the larger values and the need to take character set collation rules into account.

Suppose that an application stores 1 string values in a 3 column:

To convert hex strings to more compact form, modify the application to use 2 and 5 instead as follows:
Applications should be prepared to handle the very rare case that a hashing function produces the same value for two different input values. One way to make collisions detectable is to make the hash column a primary key.

Note: Exploits for the MD5 and SHA-1 algorithms have become known. You may wish to consider using another one-way encryption function described in this section instead, such as 4.

Caution: Passwords or other sensitive values supplied as arguments to encryption functions are sent as cleartext to the MySQL server unless an SSL connection is used. Also, such values appear in any MySQL logs to which they are written. To avoid these types of exposure, applications can encrypt sensitive values on the client side before sending them to the server. The same considerations apply to encryption keys. To avoid exposing these, applications can use stored procedures to encrypt and decrypt values on the server side.
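The hex-versus-binary storage and the primary-key collision check described above, as an added example that is not part of the original page. It assumes MySQL's SHA2() with a 256-bit result as the hash and UNHEX() for the hex-to-binary conversion; the table and column names are hypothetical and the input value is constructed.

```sql
-- Added example, not from the original page. Table and column names are hypothetical.

-- Hex form: 64 hex digits kept in a nonbinary string column,
-- so comparisons go through the column's collation.
CREATE TABLE digest_hex (
  digest CHAR(64) CHARACTER SET utf8mb4 NOT NULL,
  PRIMARY KEY (digest)
);

-- Compact form: each pair of hex digits becomes one byte, so 64 digits need 32 bytes.
-- The primary key makes a repeated digest (a collision or a duplicate input) detectable.
CREATE TABLE digest_bin (
  digest BINARY(32) NOT NULL,
  PRIMARY KEY (digest)
);

-- Constructed, non-sensitive sample input. A sensitive value passed as a literal
-- like this would travel in the statement text, as the Caution above describes.
INSERT INTO digest_hex (digest)
VALUES (SHA2('constructed sample value', 256));

INSERT INTO digest_bin (digest)
VALUES (UNHEX(SHA2('constructed sample value', 256)));

-- Compare the stored size of the two representations in bytes.
SELECT 'hex' AS representation, LENGTH(digest) AS stored_bytes FROM digest_hex
UNION ALL
SELECT 'binary', LENGTH(digest) FROM digest_bin;

-- Look up by digest: convert the search value the same way it was stored,
-- and use HEX() only when a readable form is needed for display.
SELECT HEX(digest) AS digest_hex
FROM digest_bin
WHERE digest = UNHEX(SHA2('constructed sample value', 256));

-- Inserting the same digest again violates the primary key,
-- which is how the application learns that the value already exists.
INSERT INTO digest_bin (digest)
VALUES (UNHEX(SHA2('constructed sample value', 256)));
```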