PWDEncrypt SQL Server Value Comparison

I think that what I am going to ask is impossible; however, I thought it was worth asking here.

We have an application that uses the SQL Server functions PWDEncrypt and PWDCompare.

Part of the system creates duplicate users (the same login and password). Due to a system error, instead of copying the stored binary PWDEncrypt password, it executed another PWDEncrypt of the password. Therefore the binary values do not match.

Is it possible to find out if two binary values are hashes of the same password?

e.g. PWDEncrypt('abc') = PWDEncrypt('abc')

If I can do this, it means that I can find out how many users this error actually affected, and not deal with thousands!

EDIT: To clarify, PWDEncrypt ('abc') = PWDEncrypt ('abc') will NOT return true, since passwords are hashed with different values.

So far I know that it is not possible to get the password from the hash, PWDCOMPARE('abc', PWDENCRYPT('abc')), so internally SQL Server has to do more than just hash the password that you are comparing, and check that the values are the same.

+4
3 answers

Joel's statement seems to be valid in SQL Server 2000, but not in SQL Server 2005.

When you create hashes together in the same statement in 2000, they end up with the same salt (a random seed number at the beginning), which makes them identical. In 2005, the salt is always generated anew, so they never match.

If you try this on SQL Server 2000:

PRINT PWDEncrypt('abc')
PRINT PWDEncrypt('abc')
PRINT PWDEncrypt('aaa')
PRINT PWDEncrypt('bbb')

you always have the same salt at the beginning of the hash, whereas in 2005 it is always different. Also, note that the hash is shorter in SQL Server 2005, as it no longer keeps an uppercase copy of the hash for case-insensitive password compatibility.

If you can generate a hash with the same salt, you can compare them (which means trying brute force or a dictionary attack). Check out this article on how to do this. It shows you how to crack a SQL Server password in C using the CryptCreateHash function.

+2
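Why the 2005 values never match and how a compare still works, as an added example that is not part of the original answer. It assumes the commonly documented SQL Server 2005 layout (0x0100 header, 4-byte salt, SHA-1 over the UTF-16LE password followed by the salt); all function names are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed SQL Server 2005 layout: 0x0100 | 4-byte salt | SHA-1(UTF-16LE password + salt)
HEADER = b"\x01\x00"
SALT_LEN = 4
DIGEST_LEN = 20


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.sha1(password.encode("utf-16-le") + salt).digest()


def pwdencrypt_2005(password: str, salt: bytes | None = None) -> bytes:
    """Build a stored value; a fresh random salt is used unless one is supplied."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 4 bytes")
    return HEADER + salt + _digest(password, salt)


def split_hash(blob: bytes) -> tuple[bytes, bytes]:
    """Return (salt, digest); reject values that are not in the 2005 layout."""
    expected = len(HEADER) + SALT_LEN + DIGEST_LEN
    if len(blob) != expected or not blob.startswith(HEADER):
        # SQL Server 2000 values carry a second, uppercase digest and are longer.
        raise ValueError("not a 26-byte 0x0100 salted SHA-1 value")
    return blob[2:6], blob[6:]


def pwdcompare_2005(password: str, blob: bytes) -> bool:
    """Re-hash the candidate with the salt stored in the blob, then compare digests."""
    salt, digest = split_hash(blob)
    return hmac.compare_digest(_digest(password, salt), digest)


def same_password(known_password: str, blob_a: bytes, blob_b: bytes) -> bool:
    """Two stored values can only be linked through a password that is already known."""
    return pwdcompare_2005(known_password, blob_a) and pwdcompare_2005(known_password, blob_b)
```

Because each value carries its own salt, byte-wise equality of two stored values says nothing about the passwords; the link can only be made by checking one known password against both.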

Just try using a function that implements pwdencrypt('YourPa$$w0rd') to save it, and then another that returns BIT 0/1 using the built-in function pwdcompare('TheEnteredPassWord', (Select Pwd From dbo.Users where Uid = 'UserName')). That's it ;-)

+1

You can simply enter SELECT CASE WHEN PWDEncrypt('abc') = PWDEncrypt('abc') THEN 1 ELSE 0 END in the query window and see the result.

0
