I need to store a password hash in a SQL Server 2000 database. The information isn’t critical but I really don’t want to store the password in clear text. How can I get a unique hash (sha, sha1, md5, etc) in SQL Server 2000, as HashBytes isn’t available?
I’m not looking for a compiled DLL or the ilk, I don’t have access to the server, it needs to be pure MS SQL.
There are undocumented (until later versions) functions in MS SQL Server 2000 called pwdencrypt() and pwdcompare().
See this blog: Undocumented SQL Server 2000 Functions
Or on MSDN books online: PWDENCRYPT(), PWDCOMPARE()
However, this function has been known to be insecure since at least 2002. For some details see “Cracking MS SQL Server passwords” at TheRegister. I guess that’s why it got replaced by HashBytes.
If you can’t upgrade your SQL Server instance or use any add-ons, this might be the best you can do. Unless you hash the password in application code and store the resulting digest string, leaving the SQL Server out of the loop.