Originariamente inviato da dottwatson
domanda: su che algoritmo si basa password() di mysql? il risultato dipende in qualche modo dalla macchina che lo ospita oppure è sempre lo stesso tipo md5 o sha1?
E' dello stesso tipo di MD5 o SHA1 nel senso di one way only.... Pero' il manuale dice di non usare password() per le proprie applicazioni.

PASSWORD(str)

Calculates and returns a password string from the plaintext password str and returns a binary string, or NULL if the argument was NULL. This is the function that is used for encrypting MySQL passwords for storage in the Password column of the user grant table.

mysql> SELECT PASSWORD('badpwd');
-> '*AAB3E285149C0135D51A520E1940DD3263DC008C'

PASSWORD() encryption is one-way (not reversible).

PASSWORD() does not perform password encryption in the same way that Unix passwords are encrypted. See ENCRYPT().


Note
The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.