Updating MySQL Passwords When Using old_passwords

So I learned this awhile back but forgot tonight while making a change on a production system. No real harm, just broke the site for a couple minutes while I quickly scanned through the MySQL documentation. Here's the scenario:

MySQL version 4.1
PHP version 5.2.5

We had some legacy PHP code that required us to use the old_passwords option in my.cnf. Instead of upgrading all our code to use 32-bit password hashes we just enabled old_passwords instead. Yes, this is more insecure, but I have to pick my battles.

Anyway, what happened tonight was that I needed to update the mysql password for one of our applications that was configured to use 16-bit hashes (the old password format). I issued this:

UPDATE mysql.user SET Password = PASSWORD('SomeUnguessablePassword') where User = 'galileo';

This updated the password for that user, but the application broke. I tried connecting to it from the MySQL client and it failed. I'm not sure why I thought of the old password format at that point...call it a stroke of good luck...but I quickly searched for old_passwords in the MySQL documentation and was reminded of the OLD_PASSWORD() function. So I then issued the following:

UPDATE mysql.user SET Password = OLD_PASSWORD('SomeUnguessablePassword') where User = 'galileo';

And voila! We were back in business.

One tip for those that are changing passwords and want an easy way to backout (this is mostly for the noobs). SELECT the current password from the user table and have this query ready just in case something breaks.

UPDATE mysql.user SET Password = '77da416361d244c3' where User = 'galileo';

Using the hashed password you got previously of course. That way, even if you didn't know what the plain text password was you could still revert back.