https://dev.mysql.com/doc/refman/8.0...on_aes-encrypt
About the hashing Mysql example they give.
I am trying to understand what 'My Secret Passphrase' represents.
And what 'text' represents.
And how to use this functionality of this DB functions.
I found out you can select what those example commands set
And if you run those sets, but don't set 'text', then their select example returns a null
Musing here
it seems to me those 3 sets results have to be saved in the database
then you use those to create 'text' and 'text' is what is the user's password
'my secret passphrase' could be your own salt value.
These 3 generated user values then can be used to bring back a value of 'text'
So, if I ran these 2 code lines on another PC, I ought to always get 'text' as a result
MariaDB [booksgood]> SET block_encryption_mode = 'aes-256-cbc';
MariaDB [booksgood]> SELECT CAST(AES_DECRYPT(@crypt_str,@key_str,@init_vector) AS CHAR);
I should get 'text' returned.
And 'text' and what the user's password claimed on a form input as 'text' will match and user is authorized.
I have other PC running Mysql and can try that.
It also should work for either any MySQL or MariaDB server as long as the version allows for this function.
OR, it COULD be I don't have a clue for what I am thinking, and am way off base here.
I just woke up and thought about it some and posted what I thought might be true.
It also seems to me anyone with values read from the row could then return a value of 'text'
Means a hacker could do that, and my idea is not correct.
About the hashing Mysql example they give.
I am trying to understand what 'My Secret Passphrase' represents.
And what 'text' represents.
And how to use this functionality of this DB functions.
Code:
mysql> SET block_encryption_mode = 'aes-256-cbc';
mysql> SET @key_str = SHA2('My secret passphrase',512);
mysql> SET @init_vector = RANDOM_BYTES(16);
mysql> SET @crypt_str = AES_ENCRYPT('text',@key_str,@init_vector);
mysql> SELECT CAST(AES_DECRYPT(@crypt_str,@key_str,@init_vector) AS CHAR);
+-------------------------------------------------------------+
| CAST(AES_DECRYPT(@crypt_str,@key_str,@init_vector) AS CHAR) |
+-------------------------------------------------------------+
| text |
+-I found out you can select what those example commands set
And if you run those sets, but don't set 'text', then their select example returns a null
Musing here
it seems to me those 3 sets results have to be saved in the database
then you use those to create 'text' and 'text' is what is the user's password
'my secret passphrase' could be your own salt value.
These 3 generated user values then can be used to bring back a value of 'text'
So, if I ran these 2 code lines on another PC, I ought to always get 'text' as a result
MariaDB [booksgood]> SET block_encryption_mode = 'aes-256-cbc';
MariaDB [booksgood]> SELECT CAST(AES_DECRYPT(@crypt_str,@key_str,@init_vector) AS CHAR);
I should get 'text' returned.
And 'text' and what the user's password claimed on a form input as 'text' will match and user is authorized.
I have other PC running Mysql and can try that.
It also should work for either any MySQL or MariaDB server as long as the version allows for this function.
OR, it COULD be I don't have a clue for what I am thinking, and am way off base here.
I just woke up and thought about it some and posted what I thought might be true.
It also seems to me anyone with values read from the row could then return a value of 'text'
Means a hacker could do that, and my idea is not correct.
Code:
MariaDB [booksgood]> SET block_encryption_mode = 'aes-256-cbc';
Query OK, 0 rows affected (0.001 sec)
MariaDB [booksgood]> SET @key_str = SHA2('My secret passphrase',512);
Query OK, 0 rows affected (0.000 sec)
MariaDB [booksgood]> SET @init_vector = RANDOM_BYTES(16);
Query OK, 0 rows affected (0.001 sec)
MariaDB [booksgood]> SELECT CAST(AES_DECRYPT(@crypt_str,@key_str,@init_vector) AS CHAR);
+-------------------------------------------------------------+
| CAST(AES_DECRYPT(@crypt_str,@key_str,@init_vector) AS CHAR) |
+-------------------------------------------------------------+
| NULL
|
+-------------------------------------------------------------+
1 row in set (0.000 sec)
MariaDB [booksgood]> SET @crypt_str = AES_ENCRYPT('text',@key_str,@init_vector);
Query OK, 0 rows affected (0.000 sec)
MariaDB [booksgood]> SELECT CAST(AES_DECRYPT(@crypt_str,@key_str,@init_vector) AS CHAR);
+-------------------------------------------------------------+
| CAST(AES_DECRYPT(@crypt_str,@key_str,@init_vector) AS CHAR) |
+-------------------------------------------------------------+
| text
|
+-------------------------------------------------------------+
1 row in set (0.000 sec)
MariaDB [booksgood]> select @crypt_str;
+------------------+
| @crypt_str |
+------------------+
| ?S?13N?????1?tv |
+------------------+
1 row in set (0.000 sec)
MariaDB [booksgood]> select @key_str;
+----------------------------------------------------------------------------------------------------------------------------------+
| @key_str
|
+----------------------------------------------------------------------------------------------------------------------------------+
| fb9958e2e897ef3fdb49067b51a24af645b3626eed2f9ea1dc7fd4dd71b7e38f9a68db2a3184f952382c783785f9d77bf923577108a88adaacae5c141b1576b0 |
+----------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)
MariaDB [booksgood]> select @init_vector;
+------------------+
| @init_vector |
+------------------+
| ?7#T|?q????d[ |
+------------------+
1 row in set (0.000 sec)
MariaDB [booksgood]>