<p>MySQL raises ER_PASSWD_LENGTH (error 1372) when a SET PASSWORD or GRANT statement supplies a password hash that is not the required hexadecimal length.</p>
<p>MySQL Error 1372: ER_PASSWD_LENGTH occurs when the password hash in a SET PASSWORD or GRANT statement is not the expected 41-digit (pre-5.7) or 43-digit (5.7+) hexadecimal string. Regenerate the hash with the PASSWORD() or SHA2() function and rerun the statement to resolve the issue.</p>
Password hash should be a %d-digit hexadecimal number
MySQL throws this error when a password hash supplied in a SET PASSWORD, CREATE USER, or GRANT statement is the wrong length. Pre-5.7 servers expect a 41-digit hexadecimal hash that begins with an asterisk. Servers using mysql_native_password after 5.7 expect a 43-digit hash. Any deviation triggers error 1372.
The engine validates the supplied string before updating mysql.user. If the string has missing characters, extra spaces, or non-hexadecimal symbols, validation fails and the statement aborts with ER_PASSWD_LENGTH.
The error typically appears during migrations, scripted user creation, or automated CI pipelines where password hashes come from environment variables or legacy dumps. It may also surface after copying user rows between servers running different major versions.
Failing to set a password halts user creation and leaves accounts unusable. Automation scripts stop, deployments roll back, and team members lose access until the hash is corrected.
Always provide a hash that matches the server’s authentication plugin requirements, strip surrounding quotes correctly, and verify no invisible characters are present.
Supplying a 40 or 42 digit string instead of the exact 41 or 43 required length causes immediate failure.
Restoring a 41-digit mysql_native_password hash on a server that defaults to caching_sha2_password results in a length mismatch.
Extra spaces, line breaks, or hidden characters added when copying the hash from logs or files inflate its length.
Shell escaping or CI variable limits may cut characters from the end of the hash.
Raised when SET PASSWORD references a user that does not exist. Create the user first.
Occurs when you try to modify a user you do not have privileges for. GRANT appropriate rights or connect as root.
Shown when attempting to set a password for an anonymous account without proper clauses.
Exactly 41 characters, including the leading asterisk, for versions before 5.7.6 and 43 characters for 5.7.6+.
Avoid plaintext. Generate the hash inside MySQL or use environment variables and encryption tools to protect credentials.
Yes, for accounts using caching_sha2_password. Provide the plaintext password and let MySQL hash it, or use ALTER USER with IDENTIFIED BY.
Galaxy’s editor validates password commands against the target server version and highlights incorrect hash lengths before execution, reducing runtime errors.
.avif)
.avif){kind=logo}
