Solved

Use T-SQL to create a unique password based on UserID

Posted on 2013-01-18
9
317 Views
Last Modified: 2013-01-22
I'd like to come up with some code that can use a UserID to generate a unique password. We need to convert UserIDs from a legacy system into a new one and create a 'default' password for each user and have the code available, so we can re-generate the same password at a later date. Thus the password cannot be based on something dynamic (such as the time, etc.) It does not have to be a strong passowrd, but also do not want it to be generated in such a way that someone could easily figure it our (e.g. add 4 to the UserID character so A becomes E, or such.

We will set a flag so on initial logon it will need to be changed. We do not want to create a default for everyone that is the same, because Bill may try to log onto John's account using the same password.

Again, the password generated must be repeatable, thus, using the same UserID, I will always get the same password.

Any ideas? I'd like to see it be a function.
0
Comment
Question by:dbbishop
9 Comments
 
LVL 7

Expert Comment

by:Ross Turner
ID: 38794545
some interesting ideas on password generation here:

http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=59194
0
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 38794566
If you want to be able to reuse that initial Passwort, why not store it in it's own field? That way you can easily restore it, and while the two field values are equal the user needs to change.
Just an idea.
0
 
LVL 22

Expert Comment

by:Steve Wales
ID: 38794625
Once needed to do something like that - we had social security numbers stored in the payroll system, a temporary password when requested to be set up like that was set up as a certain string concatenated in front of the last 4 of someone's SSN.

Assuming that one keeps one's SSN private.... you have a password that only the user should know that can be evenly applied across everyone.
0
 
LVL 15

Author Comment

by:dbbishop
ID: 38794715
I cannot use RAND() or any other function that would make the password un-repeatable. If I pass 'DBBISHOP' into the function, it should always return the same value. I've not worked with XOR before, but I suppose it is possible to set up a 'seed' string and XOR character by character against it. The resulting password must be displayable characters, and could be alpha (upper or lower case), numeric or special characters, with no spaces, of course.

The password must be unique for the user, but not random.

Also, SSN is not available.
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 15

Author Comment

by:dbbishop
ID: 38794716
AngelIII, cannot change the existing database schema.
0
 
LVL 35

Accepted Solution

by:
Robert Schutt earned 500 total points
ID: 38794734
Try this:
CREATE FUNCTION GetPwd
(
	@p1 varchar(100)
)
RETURNS varchar(8)
AS
BEGIN
	DECLARE @Result varchar(8)
	SET @Result = ''
	DECLARE @secret varchar(100)
	SET @secret = 'secret'
	DECLARE @charset varchar(62)
	SET @charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
	DECLARE @i int
	SET @i = 0
	DECLARE @p int
	SET @p = 0
	DECLARE @s int
	SET @s = 0
	WHILE @i < 8
	BEGIN
		SET @i = @i + 1
		SET @p = (@p % LEN(@p1)) + 1
		SET @s = (@s % LEN(@secret)) + 1
		SET @Result = @Result + SUBSTRING(@charset, (ASCII(SUBSTRING(@p1, @p, 1)) + ASCII(SUBSTRING(@secret, @s, 1))) % LEN(@charset) + 1, 1)
	END
	RETURN @Result
END
GO

Open in new window

Call it with the account name and I believe your specs are met.
0
 
LVL 35

Expert Comment

by:Robert Schutt
ID: 38794741
I just saw your previous posts, you could add some more calculations, making it a bit more like AES encryption (thinking about that after you XOR remark) but I was under the assumption that there was no need for such stringent security on this (just not *too* easy to guess the password of another user).
0
 
LVL 15

Author Comment

by:dbbishop
ID: 38799128
robert_schutt, you are correct. We are doing a conversion and first time they log in, we will force them to change the password, and the new password will be encrypted and strong.

Thus, the main requirement is that they are not all the same, and that they are not easy to 'guess', no need for a strong password or encryption. Once converted, we will provide a 'cross-reference' list to admin, but in case it is misplaced, etc. they should be able to reproduce the initial passowr, becuase, without it, there is no way for the user to access the system.

I'll give your code a try this week.
0
 
LVL 15

Author Closing Comment

by:dbbishop
ID: 38803714
Thanks. Works great.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As they say in love and is true in SQL: you can sum some Data some of the time, but you can't always aggregate all Data all the time! Introduction: By the end of this Article it is my intention to bring the meaning and value of the above quote to…
I'm trying, I really am. But I've seen so many wrong approaches involving date(time) boundaries I despair about my inability to explain it. I've seen quite a few recently that define a non-leap year as 364 days, or 366 days and the list goes on. …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now