Cannot get correct MD5 hash with MySQL

Hello,

I unfortunately cannot use PHP to compare the plaintext password with the MD5 hash, I can only use mysql. The password needs to be placed into this format

md5(md5($login_password) . $salt)

and then compared, with the username, against the already hashed value in the database. I've been trying to do this but the hash value I get keeps being different from the one in the database.

I would really appreciate help!

Then the $login_password and/or $salt is incorrect.

Post code?

Neither are incorrect, this works perfectly with the same password and salt:



select md5(concat(md5("password") + "." + salt));

I stand corrected: either the password or salt is wrong, or you're doing the MD5 wrong.

1. + only works on numbers
2. CONCAT takes a list of arguments
3. The "." shouldn't be there

Sorry for my stupidity, MySQL isn't my strong point. I've tried what you posted and it still doesn't give the correct hashed password, I promise you that I am using the correct password and salt! Thank you for your help by the way, I really appreciate it!

I think it could be an issue with characters in the salt?

Code used:

select md5(concat(md5("TESTLPRPG5"), '}*KQPdB%q+ICkjeyKn5_(mKXT"k$E{'));

Password: TESTLPRPG5
Salt: }*KQPdB%q+ICkjeyKn5_(mKXT"k$E{
Hash in DB: 82a0d6862af55ff8d000bacc1f612b62
Calculated hash: 82a0d6862af55ff8d000bacc1f612b62

It works....but....

select md5(concat(md5("TESTLPRPG10"), "Ew>_5P*|2Hw`TF-^tok|h$ekM4O--M"));

Password: TESTLPRPG10
Salt: Ew>_5P*|2Hw`TF-^tok|h$ekM4O--M
Hash in DB: 10f1163c7b7360b4b64f00c650df791f
Calculated hash: 10f1163c7b7360b4b64f00c650df791f

...

select md5(concat(md5("TESTLPRPG23"), "?%h6ck;Yr14.2c1Q'u$#03(83`v4{v"));

Password: TESTLPRPG23
Salt: ?%h6ck;Yr14.2c1Q'u$#03(83`v4{v
Hash in DB: 9db9122cded8966bea6362e12e8f7856
Calculated hash: 9db9122cded8966bea6362e12e8f7856

...

select md5(concat(md5("TESTLPRPG1*"), "nW4<cr~qUXW743w9s&ImF?j#22kZYw"));

Password: TESTLPRPG1*
Salt: nW4<cr~qUXW743w9s&ImF?j#22kZYw
Hash in DB: 3a02a1fcf242a0c2726386e5756721a6
Calculated hash: 3a02a1fcf242a0c2726386e5756721a6

...DOESN'T WORK...

select md5(concat(md5("TEST00**2"), '>p1aM@\u|3ek>$TLpM\es3V"]@]h~d'));

Password: TEST00**2
Salt: >p1aM@\u|3ek>$TLpM\es3V"]@]h~d
Hash in DB: 4551cdac87c88d64263bade570ecbff4
Calculated hash: 0e2f6e295e3fc5104d8f0caa8c2c7281

...It works again...

select md5(concat(md5("TESTBLAH0**"), '}]xH1cA1]02F#+;=:CqQi^@"83xGRN'));

Password: TESTBLAH0**
Salt: }]xH1cA1]02F#+;=:CqQi^@"83xGRN
Hash in DB: 37065946bf9c771bcaba4062ae27ce6c
Calculated hash: 37065946bf9c771bcaba4062ae27ce6c

...DOESN'T WORK AGAIN...

select md5(concat(md5("TESTLPRPG"), "0!a\:i9+`G*k0)TyP\ldoe8*[.uC|T"));

Password: TESTLPRPG
Salt: 0!a\:i9+`G*k0)TyP\ldoe8*[.uC|T
Hash in DB: e7b91ef3c938f1db3f3a491a5ab541ed
Calculated hash: af656c9df37e1d2d02b57e30f03b8b41

..and again...

select md5(concat(md5("TESTLPRPG1"), "sxIm~UT7ez'{n5BLnF$qt\Sz?y>=yI"));

Password: TESTLPRPG1
Salt: sxIm~UT7ez'{n5BLnF$qt\Sz?y>=yI
Hash in DB: 760de195ae372d43823a97a9af61b56e
Calculated hash: f7c3c30418ba285e31e09131b5584dcd

You problem are most certain the backslashes in the salt:

Notice how "\t" get interpreted as a tab instead.

To escape it you need to have two consecutive backslashes:

Normally you solve this by using mysqli_real_escape_string().
But since you said you wanted to do all in MySQL I would just suggest that you avoid using backslashes and quotes (I noticed a single quote in one of your salts also) to avoid any possible problems.
Otherwise you will have to escape them with backslashes.

That makes sense, I've found that as long as I use a salt variable and not plaintext then it works . Thank you for all your help, I really appreciate it!