How does MariaDB hash passwords?

MariaDB's PASSWORD() function computes SHA1(SHA1(password)) and returns a 41-character string starting with *. This is the same format used by MySQL 4.1+.

Is the MariaDB PASSWORD() function secure?

The double-SHA1 PASSWORD() function is considered weak by modern standards. For new applications, use bcrypt or Argon2 with a proper authentication library rather than storing password hashes directly in the database.

MariaDB Password Generator — Hash & Verify

The MariaDB PASSWORD() function generates a 41-character hash used to store user account passwords in the MySQL and MariaDB authentication system. It computes SHA1(SHA1(password)) — applying the SHA-1 hash function twice — and prefixes the result with an asterisk (*). This format has been used by MySQL since version 4.1 and remains compatible with MariaDB.

How MariaDB PASSWORD() Works

Compute SHA1 of the plain-text password → produces a 20-byte (40-hex) hash
Compute SHA1 of that hash → produces another 20-byte hash
Convert to uppercase hexadecimal and prepend * → final 41-char string

SQL Usage

SELECT PASSWORD('mypassword'); — returns *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4

To create a user: CREATE USER 'user'@'localhost' IDENTIFIED BY 'mypassword';

Frequently Asked Questions

Can I use this hash in MariaDB directly?

Yes. You can set a user password with: UPDATE mysql.user SET authentication_string=PASSWORD('mypass') WHERE User='username'; followed by FLUSH PRIVILEGES;

What if the hash doesn't start with *?

Old MySQL 3.x passwords used a shorter 16-character format without the * prefix. MariaDB supports both, but the new format (with *) is preferred and much stronger.

MariaDB Password Generator online

Generate and verify MariaDB PASSWORD() hashes — runs entirely in your browser

How MariaDB PASSWORD() Works

SQL Usage

Frequently Asked Questions

Can I use this hash in MariaDB directly?

What if the hash doesn't start with *?