x

PWDENCRYPT - PWDCOMPARE FUNCTION

Somebody can give me a clue about these undocumented SQL Functions? each time I use PWDENCRYPT with the same data it returns a different bynary output.

more ▼

asked Jul 08, 2010 at 08:29 PM in Default

avatar image

Alberto De Rossi
148 7 9 12

(comments are locked)
10|1200 characters needed characters left

2 answers: sort voted first

PWDENCRYPT() Returns the SQL Server password hash of the input value that uses the current version of the password hashing algorithm. it will produce different hashes at different times to prevent collisions and to strengthen hashes against dictionary attacks, that process is called salting.SQL Server is using some manner of time-dependent scheme for salt generation. if a hash weren't salted, it would be easy to encrypt dictionary words using numerous hash functions

PWDCOMPARE()Hashes a password and compares the hash to the hash of an existing password. PWDCOMPARE can be used to search for blank SQL Server login passwords or common weak passwords. Syntax : PWDCOMPARE ('clear_text_password', 'password_hash' [,version ] ) it returns 1 if the hash of the clear_text_password matches the password_hash parameter, and 0 if it does not.

more ▼

answered Jul 08, 2010 at 10:51 PM

avatar image

Cyborg
10.8k 37 55 51

(comments are locked)
10|1200 characters needed characters left
more ▼

answered Jul 08, 2010 at 09:20 PM

avatar image

arina
71 11 12 14

(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x54

asked: Jul 08, 2010 at 08:29 PM

Seen: 3711 times

Last Updated: Jul 08, 2010 at 08:29 PM

Copyright 2016 Redgate Software. Privacy Policy