Pentest-Report Vitess 02.2019 (9 pages, 155.02 KB, 1 year ago)
    … user table. Thus, this issue has a rather low impact. The MySQL authentication uses hashing and a salt in order to prevent authenticating with only a hash or replaying a previously recorded authentication:
        Stored on the server: sha1(sha1(pw))
        Server -> Client: salt (randomly generated for each connection attempt)
        Client -> Server: sha1(pw) ^ sha1(salt + sha1(sha1(pw)))
        Server computes: sha1(client_response ^ sha1(salt + sha1(sha1(pw)))) and compares it with the stored sha1(sha1(pw))
    Since the password hash is not known to an attacker, a timing attack is not possible. This is because the salt is never reused and causes unpredictable changes. If the attacker has retrieved the stored password …

WeChat SQLite database corruption recovery in practice (微信 SQLite 数据库 损坏恢复实践) (31 pages, 546.35 KB, 1 year ago)
    Page 1 layout (fixed-length pages): SQLite header magic / KDF salt (16 bytes); B-tree header (100 - 16 bytes); sqlite_master root node (PageSize - 100 bytes). sqlite_master node: the INDEX statements.
    Initialization flow: open the file; read the salt and derive the key from the passphrase; decrypt page 1 and read the header; parse sqlite_master and build the schema.
    Key data: salt (needed to decrypt correctly); page size (needed to split the file into pages correctly); root_page and SQL (needed to reach the table data).
    Master Backup: serialize the key data; when: whenever the schema changes; content: KDF salt, page size, sqlite_master; cost: 12 kB, 10 ms for ~350 tables/indexes.
    Minimal system: read the data and write a new DB; contains only the core logic; highly fault tolerant.

Vitess security audit (41 pages, 1.10 MB, 1 year ago)
    …069c35c2820e1bf33324f27c3fb5852f1/go/mysql/auth_server.go#L251
    func ScrambleMysqlNativePassword(salt, password []byte) []byte {
        if len(password) == 0 {
            return nil
        }
        // stage1Hash = SHA1(password)
        …Sum(nil)
        // scrambleHash = SHA1(salt + SHA1(stage1Hash))
        // inner Hash
        crypt.Reset()
        crypt.Write(stage1)
        hash := crypt.Sum(nil)
        // outer Hash
        crypt.Reset()
        crypt.Write(salt)
        crypt.Write(hash)
        scramble := …

HBase basics (HBase基本介绍) (33 pages, 4.86 MB, 1 year ago)
    Number of column families: 1-3 • size of each region: 10G-50G • size of each cell: 10M. Schema design. OpenTSDB, a time-series database for monitoring metrics: [salt] …

PostgreSQL 8.3 Documentation (2143 pages, 4.58 MB, 1 year ago)
    … F.20.2.2. gen_salt() … F.20.3 … the server. It first MD5 encrypts it based on the user name, and then encrypts it based on a random salt sent by the server when the database connection was made. It is this double-encrypted value that is … different user if you need to do that.) Because MD5-encrypted passwords use the role name as cryptographic salt, renaming a role clears its password if the password is MD5-encrypted. The remaining variants change …

PostgreSQL 8.3 Documentation (2015 pages, 4.54 MB, 1 year ago)
    … F.20.2.2. gen_salt() … F.20.3. PGP encryption … the server. It first MD5 encrypts it based on the user name, and then encrypts it based on a random salt sent by the server when the database connection was made. It is this double-encrypted value that … different user if you need to do that.) Because MD5-encrypted passwords use the role name as cryptographic salt, renaming a role clears its password if the password is MD5-encrypted. The remaining variants change …

PostgreSQL 8.4 Documentation (2224 pages, 5.05 MB, 1 year ago)
    … F.23.2.2. gen_salt() … F.23.3. PGP encryption … the server. It first MD5 encrypts it based on the user name, and then encrypts it based on a random salt sent by the server when the database connection was made. It is this double-encrypted value that … must be configured for the server's user name, not the client's. Because md5 uses the user name as salt on both the client and server, md5 cannot be used with db_user_namespace. Note: This feature is intended …

PostgreSQL 8.4 Documentation (2371 pages, 5.09 MB, 1 year ago)
    … F.23.2.2. gen_salt() … F.23.3 … the server. It first MD5 encrypts it based on the user name, and then encrypts it based on a random salt sent by the server when the database connection was made. It is this double-encrypted value that is … must be configured for the server's user name, not the client's. Because md5 uses the user name as salt on both the client and server, md5 cannot be used with db_user_namespace. Note: This feature is intended …

firebird 40 language reference (778 pages, 3.43 MB, 1 year ago)
    Result type: VARBINARY
    Syntax:
        RSA_SIGN_HASH (message_digest KEY private_key [HASH <hash>] [SALT_LENGTH salt_length] [PKCS_1_5])
        <hash> ::= MD5 | SHA1 | SHA256 | SHA512
    Table 205. RSA_SIGN_HASH Function … default is SHA256. This should be the same hash as used to generate message_digest. salt_length: length of the desired salt in bytes; default is 8; minimum 1, maximum 32. The recommended value is between …
    Syntax:
        RSA_VERIFY_HASH (message_digest SIGNATURE signature KEY public_key [HASH <hash>] [SALT_LENGTH salt_length] [PKCS_1_5])
        <hash> ::= MD5 | SHA1 | SHA256 …
    (Chapter 8. Built-in Scalar Functions)

PostgreSQL 9.0 Documentation (2401 pages, 5.50 MB, 1 year ago)
    … F.25.2.2. gen_salt() … F.25.3. PGP encryption … the server. It first MD5-encrypts it based on the user name, and then encrypts it based on a random salt sent by the server when the database connection was made. It is this double-encrypted value that … must be configured for the server's user name, not the client's. Because md5 uses the user name as salt on both the client and server, md5 cannot be used with db_user_namespace. Note: This feature is intended …
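Added example, not taken from the Cure53 report, the Vitess audit, or the Vitess source excerpted above: a Go implementation of the mysql_native_password exchange that the first entry describes, with both the client scramble and the server-side check, so the replay and hash-only properties can be tried out. The function names (NativePasswordHash, NewSalt, ClientScramble, ServerVerify), the helper scrambleMask, the sample password and the fixed test salts are my own; the 20-byte salt length is an assumption matching the challenge size MySQL sends.

```go
package main

import (
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"fmt"
)

const saltLen = 20 // assumption: the 20-byte challenge mysql_native_password uses

// NativePasswordHash returns stage1 = SHA1(pw) and stored = SHA1(stage1).
// Only `stored` is what the server keeps; stage1 never leaves the client.
func NativePasswordHash(password []byte) (stage1, stored []byte) {
	s1 := sha1.Sum(password)
	s2 := sha1.Sum(s1[:])
	return s1[:], s2[:]
}

// NewSalt returns a fresh random challenge; the server generates one per
// connection attempt so that a captured token cannot be replayed later.
func NewSalt() ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return salt, nil
}

// scrambleMask computes SHA1(salt + stored), the value both sides can derive
// from the public salt and the stored double hash.
func scrambleMask(salt, stored []byte) []byte {
	h := sha1.New()
	h.Write(salt)
	h.Write(stored)
	return h.Sum(nil)
}

// ClientScramble builds the client's response:
//   SHA1(pw) XOR SHA1(salt + SHA1(SHA1(pw)))
// An empty password yields an empty response, as in the protocol.
func ClientScramble(salt, password []byte) []byte {
	if len(password) == 0 {
		return nil
	}
	stage1, stored := NativePasswordHash(password)
	token := scrambleMask(salt, stored)
	for i := range token {
		token[i] ^= stage1[i]
	}
	return token
}

// ServerVerify strips the mask to recover the client's stage1 and checks
// SHA1(stage1) against the stored hash in constant time:
//   SHA1(token XOR SHA1(salt + stored)) == stored
func ServerVerify(salt, stored, token []byte) bool {
	if len(token) != sha1.Size || len(stored) != sha1.Size {
		return false
	}
	mask := scrambleMask(salt, stored)
	recovered := make([]byte, sha1.Size)
	for i := range recovered {
		recovered[i] = token[i] ^ mask[i]
	}
	check := sha1.Sum(recovered)
	return subtle.ConstantTimeCompare(check[:], stored) == 1
}

func main() {
	password := []byte("s3cret-example")   // constructed sample input
	_, stored := NativePasswordHash(password) // what the mysql.user row would hold

	salt, err := NewSalt()
	if err != nil {
		panic(err)
	}
	token := ClientScramble(salt, password)
	fmt.Printf("token %x\nverifies under its own salt: %v\n", token, ServerVerify(salt, stored, token))

	// A second connection attempt gets a new salt; replaying the old token fails.
	salt2, err := NewSalt()
	if err != nil {
		panic(err)
	}
	fmt.Printf("same token replayed under a fresh salt: %v\n", ServerVerify(salt2, stored, token))
	fmt.Printf("wrong password: %v\n", ServerVerify(salt, stored, ClientScramble(salt, []byte("guess"))))
}
```

ServerVerify needs nothing but the stored SHA1(SHA1(pw)), which is why a leaked mysql.user row does not by itself let an attacker complete the exchange; stage1 = SHA1(pw), on the other hand, is enough to build a valid token for any salt, so it is as sensitive as the password itself and must never be persisted or logged.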
77 results in total.