Solved

Comparing Hashed password field with clear text.

Posted on 2011-02-24
2
663 Views
Last Modified: 2012-05-11

Hi,
     I am trying to hash password field and then comparing it.  I updated table as shown below.  But when i try to compare and find the password that matches wtih the password i have entered. No result. What is wrong with tihis?
     Thanks in advance.

Table column description :
pass      varbinary(256)      Unchecked

Update Pass field :
update Tab_Users set Pass = HashBytes('SHA1', '1234567') where  UserId = 10

After update here is the pass :
SELECT pass FROM Tab_Users  where  UserId = 10
0x20EABE5D64B0E216796E834F52D61FD0B70332FC


Compare pass  field :
SELECT * FROM Tab_Users
where pwdcompare(HashBytes('SHA1', '1234567'),pass) = 1 AND UserId = 10
0
Comment
Question by:mhanefitel
2 Comments
 
LVL 4

Expert Comment

by:MarioAlcaide
ID: 34970837
Hi, you could create a test user and delete it, just when you are comparing the password ;-)
0
 
LVL 28

Accepted Solution

by:
Ryan McCauley earned 250 total points
ID: 34970879
PWDCOMPARE is used to compare SQL Server login passwords, not custom hashed application passwords. Since you're comparing the hashes, you don't need it. Change that last select to this:

SELECT * FROM Tab_Users 
where HashBytes('SHA1', '1234567') = pass and UserId = 10

Open in new window


And you'll get what you're looking for.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
In this article I will describe the Detach & Attach method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question