Solved

Recommendation for saving a password value in MS SQL table and reading it back correctly

Posted on 2016-11-05
2
36 Views
Last Modified: 2016-11-06
We have a table that a column is going to be used for passwords.  This column is a nvarchar(255).  We came upon  HASHBYTES.  When we update the table we SELECT HASHBYTES('SHA1', 'ExpertExchange')

UPDATE TableName SET pwd=HASHBYTES('SHA1', 'ExpertExchange') WHERE UserID='JohnDoe'

Open in new window


When it updates, the value sent to the table is '0x8E054939FFEE22BFC46C7A381543148713EC3EFC'.  The problem we have is how do we decipher the value in order to compare it against an entry by a user.

We want EE opinion if we are in the right direction and EE opinion on how to go about correct so we can save to the table and be able to interprets the value back as what the user entered via their apps.
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 29

Accepted Solution

by:
Pawan Kumar earned 500 total points
ID: 41875904
It is not possible to decrypt a hash because hashing does not encrypt the original value at all.  Hashing instead applies a one-way mathematical algorithm to the original value, resulting in a binary value.  Hashed passwords are more secure than password encryption because the hash values can be compared for validation without storing the original password, either encrypted or in plain text:

IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword)
    PRINT 'correct password Supplied by the user';

Ref - https://social.msdn.microsoft.com/Forums/sqlserver/en-US/7e2a3516-ad49-4d22-8377-becdd1300fca/decrypt-the-hashed-password-in-sql-server-2008?forum=transactsql

Hope it helps !!
0
 

Author Comment

by:rayluvs
ID: 41876158
Makes sense, thanx!
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
SQL Server engine let you use a Windows account or a SQL Server account to connect to a SQL Server instance. This can be configured immediatly during the SQL Server installation or after in the Server Authentication section in the Server properties …
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question