[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Database hash

Posted on 2009-12-21
11
Medium Priority
?
585 Views
Last Modified: 2012-05-08
Hi,
       
Can someone explain me how mssql DB 2000 stores password hashes . Does it use MD5 ,sha 1 or something else  to create password hash. How can i know whether a hash is md5 , sha1 or something else?I want to know is there any way that can be used to identify which algorithm was  used to create hash just by seeing at hash value.

0
Comment
Question by:ujjwal-singh
  • 5
  • 3
  • 3
11 Comments
 
LVL 17

Accepted Solution

by:
CSecurity earned 400 total points
ID: 26095465
MD5 hash have 32 byte (32 chars)

SHA is 64 byte

Some softwares like linux uses DES
Some softwares like windows uses NTLM and LM

Each have it's own algorithm, it's own signature.
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 26095468
See this to know more about MS SQL 2000 password hashes:
http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf
0
 
LVL 10

Assisted Solution

by:Tobias
Tobias earned 600 total points
ID: 26095492
Dear,

Most of the type you could identify one algorithm with the length (output size) that could be the same length, or the frequency of something that could repeat in the algorithm.

The MS SQL 2000 use an undocumented function.

See this article about how MS SQL 2000 store password :

http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf

Best Regards
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 17

Expert Comment

by:CSecurity
ID: 26095875
MadShiva, all things you said was in my comments, nothing new added
0
 
LVL 10

Assisted Solution

by:Tobias
Tobias earned 600 total points
ID: 26096585
Dear CSecurity,

Yes, but when I added my question no question was here... it's a question of timing.

I'm not good in English then I need some times to do a good sentence then it's for that, that we provide the same solution.

Also you could see that I reply to the question about how to identify the algorithm by the size of the output.


Best Regards
0
 
LVL 10

Expert Comment

by:Tobias
ID: 26096649
If you want more information about hash you have this page that could be useful :

http://en.wikipedia.org/wiki/Cryptographic_hash_function
0
 

Author Comment

by:ujjwal-singh
ID: 26096858
Any idea about how mssql 2000 DB store password hashes?does it use md5 or sha.
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 26096918
It's undocumented hash algorithm, see the link... http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf
0
 

Author Comment

by:ujjwal-singh
ID: 26187962
thanks for all of your comments but i was expecting something different which was not known to me
0
 
LVL 17

Expert Comment

by:CSecurity
ID: 26188233
Really? Do you want me to invent a new algorithm and embed it into SQL Server core? So it will be new, huh?

Algorithm is algorithm. That's it. SQL server uses the algorithm which have a code in PDF I gave you. That's all.
0
 

Author Closing Comment

by:ujjwal-singh
ID: 31668491
rt
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
How much do you know about the future of data centers? If you're like 50% of organizations, then it's probably not enough. Read on to get up to speed on this emerging field.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question