Solved

Comparing Hashed password field with clear text.

Posted on 2011-02-24
2
652 Views
Last Modified: 2012-05-11

Hi,
     I am trying to hash password field and then comparing it.  I updated table as shown below.  But when i try to compare and find the password that matches wtih the password i have entered. No result. What is wrong with tihis?
     Thanks in advance.

Table column description :
pass      varbinary(256)      Unchecked

Update Pass field :
update Tab_Users set Pass = HashBytes('SHA1', '1234567') where  UserId = 10

After update here is the pass :
SELECT pass FROM Tab_Users  where  UserId = 10
0x20EABE5D64B0E216796E834F52D61FD0B70332FC


Compare pass  field :
SELECT * FROM Tab_Users
where pwdcompare(HashBytes('SHA1', '1234567'),pass) = 1 AND UserId = 10
0
Comment
Question by:mhanefitel
2 Comments
 
LVL 4

Expert Comment

by:MarioAlcaide
ID: 34970837
Hi, you could create a test user and delete it, just when you are comparing the password ;-)
0
 
LVL 28

Accepted Solution

by:
Ryan McCauley earned 250 total points
ID: 34970879
PWDCOMPARE is used to compare SQL Server login passwords, not custom hashed application passwords. Since you're comparing the hashes, you don't need it. Change that last select to this:

SELECT * FROM Tab_Users 
where HashBytes('SHA1', '1234567') = pass and UserId = 10

Open in new window


And you'll get what you're looking for.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Numeric sequence in SQL 14 38
encyps queries mssql 15 27
while loop in html mail format 5 33
Update in Sql 7 0
If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now