• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 605
  • Last Modified:

Database hash

Hi,
       
Can someone explain me how mssql DB 2000 stores password hashes . Does it use MD5 ,sha 1 or something else  to create password hash. How can i know whether a hash is md5 , sha1 or something else?I want to know is there any way that can be used to identify which algorithm was  used to create hash just by seeing at hash value.

0
ujjwal-singh
Asked:
ujjwal-singh
  • 5
  • 3
  • 3
3 Solutions
 
CSecurityCommented:
MD5 hash have 32 byte (32 chars)

SHA is 64 byte

Some softwares like linux uses DES
Some softwares like windows uses NTLM and LM

Each have it's own algorithm, it's own signature.
0
 
CSecurityCommented:
See this to know more about MS SQL 2000 password hashes:
http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf
0
 
TobiasCommented:
Dear,

Most of the type you could identify one algorithm with the length (output size) that could be the same length, or the frequency of something that could repeat in the algorithm.

The MS SQL 2000 use an undocumented function.

See this article about how MS SQL 2000 store password :

http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf

Best Regards
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
CSecurityCommented:
MadShiva, all things you said was in my comments, nothing new added
0
 
TobiasCommented:
Dear CSecurity,

Yes, but when I added my question no question was here... it's a question of timing.

I'm not good in English then I need some times to do a good sentence then it's for that, that we provide the same solution.

Also you could see that I reply to the question about how to identify the algorithm by the size of the output.


Best Regards
0
 
TobiasCommented:
If you want more information about hash you have this page that could be useful :

http://en.wikipedia.org/wiki/Cryptographic_hash_function
0
 
ujjwal-singhAuthor Commented:
Any idea about how mssql 2000 DB store password hashes?does it use md5 or sha.
0
 
CSecurityCommented:
It's undocumented hash algorithm, see the link... http://www.ngssoftware.com/papers/cracking-sql-passwords.pdf
0
 
ujjwal-singhAuthor Commented:
thanks for all of your comments but i was expecting something different which was not known to me
0
 
CSecurityCommented:
Really? Do you want me to invent a new algorithm and embed it into SQL Server core? So it will be new, huh?

Algorithm is algorithm. That's it. SQL server uses the algorithm which have a code in PDF I gave you. That's all.
0
 
ujjwal-singhAuthor Commented:
rt
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 5
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now