Solved

How to compare ms sql hashbytes results within vb6

Posted on 2016-11-06
5
120 Views
Last Modified: 2016-11-09
We are using ms sql hashbytes to encrypt a password column.  What would be the best way to retrieve the value, compare and give the correct results to the user?  In ssms we can 'IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword) ', but how can we do this compare within vb6? vb6 has an equivalent to hashbyte function?
0
Comment
Question by:rayluvs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 

Author Comment

by:rayluvs
ID: 41876283
Hi,

found this vb code to see how to incorporate what want.

Works fine for Hash ansi & unicode but not for sha1, it gies an error on 'SHA1Hash.HashFile' like it doesn't exist (see pix below)

sha1
sha2
How do we get file?
Do we need it?
Does the apps return the same value as SQL HASHBYTE function (see below example)?

Sql:
SELECT HASHBYTES('SHA1', 'ExpertExchange')

Results:
0x8E054939FFEE22BFC46C7A381543148713EC3EFC


(see code attached)
SHA1-Hash.zip
0
 
LVL 34

Expert Comment

by:ste5an
ID: 41876715
How do we get file?
Depends on your application.

Do we need it?
Depends on your application.

Does the apps return the same value as SQL HASHBYTE function (see below example)?
Maybe, the image does not show any hash handling.

p.s. IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword) is nonsense. Don't store passwords. It's insecure by design. Store a salted hash instead of it.
0
 
LVL 29

Accepted Solution

by:
Pawan Kumar earned 500 total points
ID: 41876717
So if it working in SSMS then you can create a stored Procedure with a Parameter called User Name call that from VB code.

--

CREATE PROC CheckPwduser
(
	@SuppliedPassword VARCHAR(100)
)
AS
BEGIN

	IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword) 
		BEGIN
			SELECT 1 as Output
		END
	ELSE
		BEGIN
			SELECT 0  as Output
		END
END

--

Open in new window


So if you get value 0 then you have invalid password other wise valid password.

Hope it helps !
0
 

Author Comment

by:rayluvs
ID: 41876741
ste5an,

"p.s. IF HASHBYTES('SHA1','ExpertExchange') = HASHBYTES('SHA1',@SuppliedPassword) is nonsense. Don't store passwords. "

We placed this for references since we started are working with HASHBYTES function SQL and wanted to know how to do it in vb6.

"How do we get file?
Depends on your application."

The apps is not ours, we found it  and ran and it gave us that message, so we thought an expert can assist on the message

"Do we need it?
Depends on your application."

Same answer, we thought that by showing he code to EE, it would help helping us; again, it's not our code.

Can you take a look at the code? (maybe you can detect the problem)


"Store a salted hash instead of it."

Please provide an example of the process.


Pawan Kumar Khowal,

Thanx, if working in SSMS that would be great, however we are working with vb6 (unless we can pass the users password to SQL and compre and return the resulat back to the vb6 apps?).


In essence, what we want if to compare the HASBYTE value saved in the MS SQL table against the resulting HASHBYTE value in the vb6 apps.  We think our process would be something like this with the code:

1. In the vb6 code ask the user for the password.
2. Convert that value to the HASHBYTE value. <-- (THIS IS WHERE WE WANT ASSISTANCE)
3. Read the SQL table and bring the HASHBYTE value already saved for comparison
4. Compare the users entry password's HASHBYTE value to what is saved in the SQL table.
0
 

Author Closing Comment

by:rayluvs
ID: 41881402
For some reason didn't quite read your entry.  We always re-read the entire question prior deleting one that there is no answer to.  Doing that we slowed down on your entry and modified some and it worked!  So pleasa excuse the delay and thanx!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
This code takes an Excel list of URL’s and adds a header titled “URL List”. It then searches through all URL’s in column “A”, looking for duplicates. When a duplicate is found, it is moved to the top of the list. The duplicate URL’s are then highlig…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question