SpaarQ
asked on
How to use Transact SQL 'pwdcompare' ?
Need to know how SQL handles the statement SELECT PWDCOMPARE(@password1, @password2).
I always get the same result ( 0 ) whether my passwords are the same or not. Pls help!
I always get the same result ( 0 ) whether my passwords are the same or not. Pls help!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Adjusted points to 200
yes it is possible but you have a mistake in the code above - the encrypted password is at least 16 chars long - so declare your variables as char(16) and the code will work. however i am not sure if this is enough. you have to try.
ASKER
i have tried adjusting the sizes but i need to know what value should i expect if the two passwords match or do not match.
i have increased the points to 300. Please tell me how to decrypt , if possible an encrypted password. I intend to display the original password(hidden with **** chars, of course) on my screen. Also, compare my new password with my old password in case I wish to change it.
ASKER
Adjusted points to 300
The password field in the syslogins table is 30 chars wide so you can be sure that the encrypted password will be less or equal than 30 characters. However I think that 16 is absolutely enough because always the output of pwdencrypt is 16 chars wide, but there is no documentation so 30 is a safe choice.
pwdcompare returns 0 if passwords do not much or 1 if they match.
there is no way to decrypt. this is a one-way encryption(as far as i know). the only way is to use pwdcompare or a brute force attack if you want to know the original password.
There is a good article about password encryption in SQL Server on: http://www.winntmag.com/magazine/article.cfm?ArticleID=102
pwdcompare returns 0 if passwords do not much or 1 if they match.
there is no way to decrypt. this is a one-way encryption(as far as i know). the only way is to use pwdcompare or a brute force attack if you want to know the original password.
There is a good article about password encryption in SQL Server on: http://www.winntmag.com/magazine/article.cfm?ArticleID=102
ASKER
Thanks for the great help.
I was having problems updating this yesterday, and i tried to locate your email address since you were very quick answering my questions..
Thank you very much fo the effort.
I was having problems updating this yesterday, and i tried to locate your email address since you were very quick answering my questions..
Thank you very much fo the effort.
ASKER
Thanks for the great help.
I was having problems updating this yesterday, and i tried to locate your email address since you were very quick answering my questions..
Thank you very much fo the effort.
I was having problems updating this yesterday, and i tried to locate your email address since you were very quick answering my questions..
Thank you very much fo the effort.
ASKER
e.x.
DECLARE @pwd1 char(8)
DECLARE @pwd2 char(8)
SELECT @pwd1 = PWDENCRYPT('password')
SELECT @pwd2 = 'password'
SELECT PWDCOMPARE(@pwd2, @pwd1)
Result is 0.
I am defining a set of users to my users table and would like to encrypt the password so it will not be readable.
Thanks.