Why are mysql password hashes internally saved with a star (asterisk)?
Ok, found about this in the documentation itself.
This was a change introduced in mysql 4.1 so that the earlier password lengths of 16 characters and newer password lengths of 40 characters could be simultaneously supported. The Password column was made 41 bytes (chars) long, and the newer passwords would begin with a mandatory *
to identify them.
From the documentation:
Password hashes in the 4.1 format always begin with a “*” character, whereas passwords in the pre-4.1 format never do.
In addition to the password starting with an asterisk, here is algorithm for PASSWORD()
SET @plaintextpassword = 'whatever password you want';
SELECT CONCAT('*',UPPER(SHA1(UNHEX(SHA1(@plaintextpassword)))));
EXAMPLE
mysql> SET @plaintextpassword = 'whatever password you want';
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT UPPER(SHA1(UNHEX(SHA1(@plaintextpassword)))) PWD_CREATION;
+------------------------------------------+
| PWD_CREATION |
+------------------------------------------+
| D09AF2704D843A5E4E84362830C7EC1CEA40DF8A |
+------------------------------------------+
1 row in set (0.00 sec)
mysql> SELECT PASSWORD(@plaintextpassword) PWD_FUNCTION;
+-------------------------------------------+
| PWD_FUNCTION |
+-------------------------------------------+
| *D09AF2704D843A5E4E84362830C7EC1CEA40DF8A |
+-------------------------------------------+
1 row in set (0.00 sec)
mysql>
I learned this algorithm long ago from Hashing Algorithm in MySQL PASSWORD()