- a NUL or '$' could get replaced with another NUL or '$'
- Replacement characters didn't get their first bit set to 0 (`&^ 128`)
- The test case used the index number instead of the value of the rune.
This code intended to set the first bit of every byte of the salt
to 0 as the salt should not contain multi-byte UTF-8.
However it failed to do this. This changes the `^` with a `^&` to fix
that.
In addition to that this also avoids the '$' inside salts as that is
already used as delimiter in the authentication string.
Co-authored-by: tiancaiamao <tiancaiamao@gmail.com>
This allows validating passwords against the `authentication_string`
data that MySQL stores for caching_sha2 passwords.
Related:
- https://github.com/pingcap/tidb/issues/9411
