MySQL Password Hash Generator (OLD_PASSWORD, PASSWORD)
Generate MySQL password hashes for older and newer versions. This tool mimics the OLD_PASSWORD() and PASSWORD() functions to create hashes compatible with MySQL user authentication.
Hash Algorithm Analysis
Password Strength Analysis
Password Hash Security
Not all hash algorithms are suitable for password storage. Fast hashes like MD5 and SHA-256 are vulnerable to brute-force attacks. Use specialized password hashing algorithms like bcrypt, Argon2, or scrypt that are intentionally slow and memory-hard.
How MySQL Password Hashing Works
MySQL has used different password hashing schemes throughout its history. The OLD_PASSWORD() function (pre-MySQL 4.1) used a simple 16-character hash, while PASSWORD() introduced a more secure 41-character format prefixed with '*'.
This tool generates both legacy MySQL hash formats for compatibility testing and migration purposes. The OLD_PASSWORD uses a two-round algorithm producing 16 hex characters, while the newer PASSWORD uses SHA-1 based hashing.
Here's the process:
- OLD_PASSWORD: Two-pass hash producing 16-character result
- PASSWORD: SHA-1 hash with '*' prefix (41 characters total)
- Both formats are generated from the same input password
- Output can be used directly in MySQL user tables
Security warning: MySQL's native password hashing is weak by modern standards. Use external authentication (PAM, LDAP) or upgrade to mysql_native_password or caching_sha2_password plugins.
When You'd Actually Use This
Legacy MySQL migration
Migrate users from old MySQL versions (pre-4.1) to modern versions. Generate OLD_PASSWORD hashes to maintain compatibility during phased migration projects.
Database recovery
Recover access to legacy MySQL databases when user tables are corrupted. Regenerate known passwords to restore user access without resetting all credentials.
Testing authentication systems
Test MySQL authentication code with known hash values. Verify your application correctly handles both old and new MySQL password formats during login.
Security auditing
Identify accounts using weak OLD_PASSWORD hashing. Audit your MySQL user table to find legacy accounts that need password upgrades for security compliance.
Educational demonstrations
Show evolution of password security. Compare OLD_PASSWORD (weak) vs modern hashing to demonstrate why security practices evolve and legacy systems need updates.
Multi-version compatibility testing
Test applications against multiple MySQL versions. Ensure your software handles authentication correctly across MySQL 4.1, 5.x, and 8.x password formats.
What to Know About MySQL Password Hashes
OLD_PASSWORD is critically weak. The 16-character hash can be cracked instantly. It uses no salt and a simple algorithm. Never use for new systems.
PASSWORD() format changed over versions. MySQL 4.1+ uses 41-character '*' prefixed hashes. MySQL 8.0+ uses caching_sha2_password by default, which is incompatible with these formats.
No salt in legacy formats. Both OLD_PASSWORD and PASSWORD() lack salt. Same password = same hash across all databases, enabling rainbow table attacks.
Modern MySQL uses different authentication. MySQL 8.0 defaults to caching_sha2_password plugin. These legacy hash formats may not work without configuration changes.
Pro tip: If you're still using OLD_PASSWORD in production, prioritize immediate migration. These hashes provide essentially no security against determined attackers.
Common Questions
What's the difference between OLD_PASSWORD and PASSWORD?
OLD_PASSWORD produces a 16-character hex hash using a weak two-round algorithm. PASSWORD produces a 41-character hash (with '*' prefix) using SHA-1. PASSWORD is more secure but still outdated.
Can these hashes be cracked?
OLD_PASSWORD hashes crack instantly—rainbow tables exist for all common passwords. PASSWORD() hashes are stronger but still vulnerable to modern GPU cracking. Neither should be trusted for security.
How do I upgrade MySQL password security?
Set password_authentication plugin to caching_sha2_password (MySQL 8.0+) or mysql_native_password (MySQL 5.7). Force password resets for all users to generate new secure hashes.
Why does PASSWORD hash start with '*'?
The '*' prefix indicates the hash format. MySQL uses this to distinguish between OLD_PASSWORD (no prefix, 16 chars) and PASSWORD ('*' prefix, 41 chars) formats.
Can I use these hashes in MySQL 8.0?
MySQL 8.0 defaults to caching_sha2_password. To use legacy hashes, you must configure the user account to use mysql_native_password authentication plugin explicitly.
Is this tool safe for production passwords?
Processing happens locally in your browser. However, never paste real production passwords into any web tool. Use test credentials and change passwords after testing.
How do I insert these hashes into MySQL?
Use: UPDATE mysql.user SET authentication_string='*HASH' WHERE User='username'; Then: FLUSH PRIVILEGES; Replace HASH with your generated 40-character hash (including the *).
Other Free Tools
MD5 Hash Generator & Checker
MD5 Hash Generator & Checker
SHA-256 Hash Generator
SHA-256 Hash Generator
SHA-1 Hash Generator & Decrypter
SHA-1 Hash Generator & Decrypter
SHA-512 Hash Calculator
SHA-512 Hash Calculator
SHA-3 Hash Generator (Keccak)
SHA-3 Hash Generator (Keccak)
ASCII to Hex Converter
ASCII to Hex Converter: Text to Hexadecimal Translator
Barcode Generator
Free Barcode Generator
Binary to Text Converter
Binary to Text Converter
Free Printable Calendar Maker
Create & Print Your Custom Calendar
Pie Chart Maker
Free Pie Chart Maker Online