Solved

Recommendation for saving a password value in MS SQL table and reading it back correctly

Posted on 2016-11-05
2
27 Views
Last Modified: 2016-11-06
We have a table that a column is going to be used for passwords.  This column is a nvarchar(255).  We came upon  HASHBYTES.  When we update the table we SELECT HASHBYTES('SHA1', 'ExpertExchange')

UPDATE TableName SET pwd=HASHBYTES('SHA1', 'ExpertExchange') WHERE UserID='JohnDoe'

Open in new window


When it updates, the value sent to the table is '0x8E054939FFEE22BFC46C7A381543148713EC3EFC'.  The problem we have is how do we decipher the value in order to compare it against an entry by a user.

We want EE opinion if we are in the right direction and EE opinion on how to go about correct so we can save to the table and be able to interprets the value back as what the user entered via their apps.
0
Comment
Question by:rayluvs
2 Comments
 
LVL 24

Accepted Solution

by:
Pawan Kumar earned 500 total points
ID: 41875904
It is not possible to decrypt a hash because hashing does not encrypt the original value at all.  Hashing instead applies a one-way mathematical algorithm to the original value, resulting in a binary value.  Hashed passwords are more secure than password encryption because the hash values can be compared for validation without storing the original password, either encrypted or in plain text:

IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword)
    PRINT 'correct password Supplied by the user';

Ref - https://social.msdn.microsoft.com/Forums/sqlserver/en-US/7e2a3516-ad49-4d22-8377-becdd1300fca/decrypt-the-hashed-password-in-sql-server-2008?forum=transactsql

Hope it helps !!
0
 

Author Comment

by:rayluvs
ID: 41876158
Makes sense, thanx!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have heard of RFC822 date formats, they can be quite a challenge in SQL Server. RFC822 is an Internet standard format for email message headers, including all dates within those headers. The RFC822 protocols are available in detail at:   ht…
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now