Solved

Recommendation for saving a password value in MS SQL table and reading it back correctly

Posted on 2016-11-05
2
19 Views
Last Modified: 2016-11-06
We have a table that a column is going to be used for passwords.  This column is a nvarchar(255).  We came upon  HASHBYTES.  When we update the table we SELECT HASHBYTES('SHA1', 'ExpertExchange')

UPDATE TableName SET pwd=HASHBYTES('SHA1', 'ExpertExchange') WHERE UserID='JohnDoe'

Open in new window


When it updates, the value sent to the table is '0x8E054939FFEE22BFC46C7A381543148713EC3EFC'.  The problem we have is how do we decipher the value in order to compare it against an entry by a user.

We want EE opinion if we are in the right direction and EE opinion on how to go about correct so we can save to the table and be able to interprets the value back as what the user entered via their apps.
0
Comment
Question by:rayluvs
2 Comments
 
LVL 18

Accepted Solution

by:
Pawan Kumar Khowal earned 500 total points
ID: 41875904
It is not possible to decrypt a hash because hashing does not encrypt the original value at all.  Hashing instead applies a one-way mathematical algorithm to the original value, resulting in a binary value.  Hashed passwords are more secure than password encryption because the hash values can be compared for validation without storing the original password, either encrypted or in plain text:

IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword)
    PRINT 'correct password Supplied by the user';

Ref - https://social.msdn.microsoft.com/Forums/sqlserver/en-US/7e2a3516-ad49-4d22-8377-becdd1300fca/decrypt-the-hashed-password-in-sql-server-2008?forum=transactsql

Hope it helps !!
0
 

Author Comment

by:rayluvs
ID: 41876158
Makes sense, thanx!
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Suggested Solutions

If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now