x

PWDENCRYPT - PWDCOMPARE FUNCTION

Somebody can give me a clue about these undocumented SQL Functions? each time I use PWDENCRYPT with the same data it returns a different bynary output.
more ▼

asked Jul 08, 2010 at 08:29 PM in Default

Alberto De Rossi gravatar image

Alberto De Rossi
148 7 7 9

(comments are locked)
10|1200 characters needed characters left

2 answers: sort voted first

PWDENCRYPT() Returns the SQL Server password hash of the input value that uses the current version of the password hashing algorithm. it will produce different hashes at different times to prevent collisions and to strengthen hashes against dictionary attacks, that process is called salting.SQL Server is using some manner of time-dependent scheme for salt generation. if a hash weren't salted, it would be easy to encrypt dictionary words using numerous hash functions

PWDCOMPARE()Hashes a password and compares the hash to the hash of an existing password. PWDCOMPARE can be used to search for blank SQL Server login passwords or common weak passwords. Syntax : PWDCOMPARE ('clear_text_password', 'password_hash' [,version ] ) it returns 1 if the hash of the clear_text_password matches the password_hash parameter, and 0 if it does not.
more ▼

answered Jul 08, 2010 at 10:51 PM

Cyborg gravatar image

Cyborg
10.6k 36 40 45

(comments are locked)
10|1200 characters needed characters left
more ▼

answered Jul 08, 2010 at 09:20 PM

arina gravatar image

arina
71 9 12 12

(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x38

asked: Jul 08, 2010 at 08:29 PM

Seen: 3099 times

Last Updated: Jul 08, 2010 at 08:29 PM