[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1252
  • Last Modified:

How to use Transact SQL 'pwdcompare' ?

Need to know how SQL handles the statement SELECT PWDCOMPARE(@password1, @password2).

I always get the same result ( 0 ) whether my passwords are the same or not.  Pls help!
0
SpaarQ
Asked:
SpaarQ
  • 6
  • 3
1 Solution
 
tchalkovCommented:
the first argument of pwdcompare is the clear text password, the second argument is the encoded password sql server stores in syslogins. You can see the encoded password by using 'select * from syslogins' in database master
0
 
SpaarQAuthor Commented:
Thanks, but what I am trying to do is to save an encrypted password using PWDENCRYPT to my table and compare it with  another string.  Please let me know if this is possible in MS SQL.

e.x.

DECLARE @pwd1 char(8)
DECLARE @pwd2 char(8)

SELECT  @pwd1  = PWDENCRYPT('password')
SELECT  @pwd2  = 'password'

SELECT PWDCOMPARE(@pwd2, @pwd1)


Result is 0.

I am defining a set of users to my users table and would like to encrypt the password so it will not be readable.


Thanks.

0
 
SpaarQAuthor Commented:
Adjusted points to 200
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
tchalkovCommented:
yes it is possible but you have a mistake in the code above - the encrypted password is at least 16 chars long - so declare your variables as char(16) and the code will work. however i am not sure if this is enough. you have to try.
0
 
SpaarQAuthor Commented:

i have tried adjusting the sizes but i need to know what value should i expect if the two passwords match or do not match.

i have increased the points to 300. Please tell me how to decrypt , if possible an encrypted password.  I intend to display the original password(hidden with **** chars, of course) on my screen.  Also, compare my new password with my old password in case I wish to change it.

0
 
SpaarQAuthor Commented:
Adjusted points to 300
0
 
tchalkovCommented:
The password field in the syslogins table is 30 chars wide so you can be sure that the encrypted password will be less or equal than 30 characters. However I think that 16 is absolutely enough because always the output of pwdencrypt is 16 chars wide, but there is no documentation so 30 is a safe choice.
pwdcompare returns 0 if passwords do not much or 1 if they match.
there is no way to decrypt. this is a one-way encryption(as far as i know). the only way is to use pwdcompare or a brute force attack if you want to know the original password.
There is a good article about password encryption in SQL Server on: http://www.winntmag.com/magazine/article.cfm?ArticleID=102

0
 
SpaarQAuthor Commented:
Thanks for the great help.

I was having problems updating this yesterday, and i tried to locate your email address since you were very quick answering my questions..

Thank you very much fo the effort.


0
 
SpaarQAuthor Commented:
Thanks for the great help.

I was having problems updating this yesterday, and i tried to locate your email address since you were very quick answering my questions..

Thank you very much fo the effort.


0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now