开发者

SQL Server 2000, yes 2000 password hash

I need to store a password has in a SQL server 2000 database. The information isn't critical but I really don't want to store the password in clear text. How can I get a unique hash (sha, sha1, md5, etc) in SQL server 2000 as HashBytes isn't available.

I'm not looking for compil开发者_StackOverflow中文版ed DLL or the ilk, I dont have access to the server, needs to be pure MS SQL.


There are undocumented (until later versions) functions in MS SQL Server 2000 called pwdencrypt() and pwdcompare().

See this blog: Undocumented SQL Server 2000 Functions

Or on MSDN books online:

  • PWDENCRYPT()
  • PWDCOMPARE()

However, this function has been known to be insecure since at least 2002. For some details see "Cracking MS SQL Server passwords" at TheRegister. I guess that's why it got replaced by Hashbytes.

If you can't upgrade your SQL Server instance or use any add-ons, this might be the best you can do. Unless you hash the password in application code and store the resulting digest string, leaving the SQL Server out of the loop.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜