• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 44
  • Last Modified:

Recommendation for saving a password value in MS SQL table and reading it back correctly

We have a table that a column is going to be used for passwords.  This column is a nvarchar(255).  We came upon  HASHBYTES.  When we update the table we SELECT HASHBYTES('SHA1', 'ExpertExchange')

UPDATE TableName SET pwd=HASHBYTES('SHA1', 'ExpertExchange') WHERE UserID='JohnDoe'

Open in new window

When it updates, the value sent to the table is '0x8E054939FFEE22BFC46C7A381543148713EC3EFC'.  The problem we have is how do we decipher the value in order to compare it against an entry by a user.

We want EE opinion if we are in the right direction and EE opinion on how to go about correct so we can save to the table and be able to interprets the value back as what the user entered via their apps.
1 Solution
Pawan KumarDatabase ExpertCommented:
It is not possible to decrypt a hash because hashing does not encrypt the original value at all.  Hashing instead applies a one-way mathematical algorithm to the original value, resulting in a binary value.  Hashed passwords are more secure than password encryption because the hash values can be compared for validation without storing the original password, either encrypted or in plain text:

IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword)
    PRINT 'correct password Supplied by the user';

Ref - https://social.msdn.microsoft.com/Forums/sqlserver/en-US/7e2a3516-ad49-4d22-8377-becdd1300fca/decrypt-the-hashed-password-in-sql-server-2008?forum=transactsql

Hope it helps !!
rayluvsAuthor Commented:
Makes sense, thanx!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now