MySQL323
#1
Question 
Greetings,

So I was wondering what is really behind the older version of MySQL's hashing algorithm - MySQL 4.1.0? As of MySQL 4.1.1 it's clear that it is sha1(unhex(sha1($pass))) producing a 41-byte string but what about the one that produces a 16-byte string?

Also, why does it have multiple possible plaintext values?

Hope this hasn't been discussed before since I didn't bother to check.
Reply
#2
It's a custom hash function. Like most other home-brewn hash functions it has serious flaws for this use. This is a reason you see many hash collisions.

Another reason is simply the fact that the output is as short as 64 bits. Regardless of the quality of a hash function, if it has n bits of output it is simply bound to have at least one hash collision for 2ⁿ+1 inputs.
Reply
#3
http://tobtu.com/mysql323.php
http://tobtu.com/mysql323code.php
Reply