"1 in 256 times *any* password might get you in" – MySQL authentication disaster
What if your authentication system itself were at fault? You could have the hardest-to-guess password, salted and hashed thousands of times, and still be at risk.
That’s what happened to MySQL and MariaDB.
Story added 13. June 2012, content source with full text you can find at link above.