Solved

Recommendation for saving a password value in MS SQL table and reading it back correctly

Posted on 2016-11-05
Last Modified: 2016-11-06
We have a table in which a column is going to be used for passwords.  This column is an nvarchar(255).  We came upon HASHBYTES.  When we update the table we run:

SELECT HASHBYTES('SHA1', 'ExpertExchange')

UPDATE TableName SET pwd=HASHBYTES('SHA1', 'ExpertExchange') WHERE UserID='JohnDoe'


When it updates, the value sent to the table is '0x8E054939FFEE22BFC46C7A381543148713EC3EFC'.  The problem we have is how do we decipher the value in order to compare it against an entry by a user.

We want EE's opinion on whether we are heading in the right direction, and on how to go about it correctly so we can save to the table and be able to interpret the value back as what the user entered via their apps.
Question by:rayluvs

Accepted Solution

by:
Pawan Kumar earned 500 total points
ID: 41875904
It is not possible to decrypt a hash because hashing does not encrypt the original value at all.  Hashing instead applies a one-way mathematical algorithm to the original value, resulting in a binary value.  Hashed passwords are more secure than password encryption because the hash values can be compared for validation without storing the original password, either encrypted or in plain text:

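-- @SuppliedPassword holds the value the user entered (sample value shown)
DECLARE @SuppliedPassword varchar(50) = 'ExpertExchange';
IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword)
    PRINT 'correct password Supplied by the user';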

Ref - https://social.msdn.microsoft.com/Forums/sqlserver/en-US/7e2a3516-ad49-4d22-8377-becdd1300fca/decrypt-the-hashed-password-in-sql-server-2008?forum=transactsql

Hope it helps !!
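
The comparison from the accepted answer, applied to a stored column instead of a literal (an added example, not part of the original answer). It goes beyond the answer in assuming a per-user salt, SHA2_512 and a varbinary hash column rather than the nvarchar(255) column from the question; the table variable and its column names are hypothetical.

```sql
-- Constructed demo table (hypothetical names). The hash is kept as varbinary,
-- which is what HASHBYTES returns, so no implicit string conversion occurs.
DECLARE @Users TABLE (
    UserID  varchar(50)   NOT NULL PRIMARY KEY,
    Salt    varbinary(16) NOT NULL,
    PwdHash varbinary(64) NOT NULL   -- SHA2_512 output is 64 bytes
);

-- Enrollment: hash (salt + password bytes) and store salt and hash.
-- The password is typed nvarchar here and must be typed the same way
-- when it is verified later.
DECLARE @NewPassword nvarchar(128) = N'ExpertExchange';  -- sample value
DECLARE @Salt varbinary(16) = CRYPT_GEN_RANDOM(16);

INSERT INTO @Users (UserID, Salt, PwdHash)
VALUES ('JohnDoe', @Salt,
        HASHBYTES('SHA2_512', @Salt + CAST(@NewPassword AS varbinary(256))));

-- Verification: recompute the hash from the stored salt and the supplied
-- password, then compare it with the stored hash. Nothing is "deciphered".
DECLARE @SuppliedPassword nvarchar(128) = N'ExpertExchange';  -- sample value

SELECT CASE
         WHEN PwdHash = HASHBYTES('SHA2_512',
                          Salt + CAST(@SuppliedPassword AS varbinary(256)))
         THEN 'match'
         ELSE 'no match'
       END AS Result
FROM @Users
WHERE UserID = 'JohnDoe';

-- Pitfall: the same characters are different bytes as varchar and as
-- nvarchar (UTF-16), so hashing a varchar literal at enrollment and an
-- nvarchar parameter from the application at login never matches.
SELECT CASE
         WHEN HASHBYTES('SHA1', 'ExpertExchange')
            = HASHBYTES('SHA1', N'ExpertExchange')
         THEN 'same hash'
         ELSE 'different hash'
       END AS VarcharVsNvarchar;
```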

Author Comment

by:rayluvs
ID: 41876158
Makes sense, thanx!