• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 675
  • Last Modified:

Comparing Hashed password field with clear text.


Hi,
     I am trying to hash password field and then comparing it.  I updated table as shown below.  But when i try to compare and find the password that matches wtih the password i have entered. No result. What is wrong with tihis?
     Thanks in advance.

Table column description :
pass      varbinary(256)      Unchecked

Update Pass field :
update Tab_Users set Pass = HashBytes('SHA1', '1234567') where  UserId = 10

After update here is the pass :
SELECT pass FROM Tab_Users  where  UserId = 10
0x20EABE5D64B0E216796E834F52D61FD0B70332FC


Compare pass  field :
SELECT * FROM Tab_Users
where pwdcompare(HashBytes('SHA1', '1234567'),pass) = 1 AND UserId = 10
0
mhanefitel
Asked:
mhanefitel
1 Solution
 
MarioAlcaideCommented:
Hi, you could create a test user and delete it, just when you are comparing the password ;-)
0
 
Ryan McCauleyCommented:
PWDCOMPARE is used to compare SQL Server login passwords, not custom hashed application passwords. Since you're comparing the hashes, you don't need it. Change that last select to this:

SELECT * FROM Tab_Users 
where HashBytes('SHA1', '1234567') = pass and UserId = 10

Open in new window


And you'll get what you're looking for.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now