Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 


 
     
Recent Posts
   
Popular Topics
Home   
Search
    Members    Calendar    Who's On

Home » Article Discussions » Article Discussions by Author » Discuss Content Posted by Steve Jones » HASHBYTES
Add to briefcase
59 posts, Page 1 of 6
12345»»»

HASHBYTES Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
Steve Jones - SSC Editor
Posted Wednesday, February 08, 2012 10:03 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 11:02 AM
Points: 31,410, Visits: 13,725
Comments posted to this topic are about the item HASHBYTES






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1249456
Henrico Bekker
Posted Wednesday, February 08, 2012 10:13 PM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Tuesday, May 14, 2013 2:24 AM
Points: 1,871, Visits: 2,692
Good one thanks.

----------------------------------------------
Msg 8134, Level 16, State 1, Line 1
Divide by zero error encountered.
Post #1249458
GPO
Posted Wednesday, February 08, 2012 11:55 PM


SSChasing Mays

SSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing Mays

Group: General Forum Members
Last Login: Yesterday @ 5:30 AM
Points: 648, Visits: 1,302
Add the sale string


The SALE string? This confused me!



One of the symptoms of an approaching nervous breakdown is the belief that one's work is terribly important.
Bertrand Russell
Post #1249482
Koen Verbeeck
Posted Thursday, February 09, 2012 12:41 AM


SSCrazy Eights

SSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy Eights

Group: General Forum Members
Last Login: Today @ 9:06 AM
Points: 9,367, Visits: 6,465
Good question, had to do a bit of research, but the MSDN link doesn't really back-up the explanation as it doesn't mention salt anywhere.

edit: in this thread, an MVP does the suggestion of adding a salt to the string itself.
http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/6002f5a4-19a0-4a11-a569-e112375d3efa/


How to post forum questions.
Need an answer? No, you need a question.
What’s the deal with Excel & SSIS?

Member of LinkedIn. My blog at LessThanDot.

MCSA SQL Server 2012 - MCSE Business Intelligence
Post #1249510
Michael Riemer
Posted Thursday, February 09, 2012 12:45 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, May 16, 2013 2:10 AM
Points: 1,234, Visits: 346
Have to agree that the SALE string confused me too. Otherwise it was a fairly simple question - Thanks
Post #1249511
Stewart "Arturius" Campbell
Posted Thursday, February 09, 2012 1:25 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Today @ 3:48 AM
Points: 3,125, Visits: 4,311
Thanks for the question, Steve.
took a fair bit of digging to find this.

One would expect MS to allow an optional parameter for salt to the HASHBYTES function...

____________________________________________
Space, the final frontier? not any more...
All limits henceforth are self-imposed.
“libera tute vulgaris ex”
Post #1249519
mohammed moinudheen
Posted Thursday, February 09, 2012 2:50 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Thursday, May 16, 2013 3:34 PM
Points: 2,170, Visits: 3,582
No idea about this really. I guessed it and got it wrong

Mohammed Moinudheen
Post #1249556
Raghavendra Mudugal
Posted Thursday, February 09, 2012 2:56 AM


SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Today @ 4:10 AM
Points: 444, Visits: 1,195
For me this question did not made any sense.

the sample code is just concatenating another variable to it, you can name it @salt to @sugar... still the sample code will not make sense to me.

And in your question, you say as SALT parameter, HASHBYTES does not has any salt parameter, you are just concatenating a variable (declares as salt) - which does not makes as parameter to it.

if you just use this, it gives different results

select hashbytes ('SHA1', 'FIRST')
select hashbytes ('SHA1', 'FIRST' + ' SECOND')

in both cases INPUT value is different, so its obvious the HASH return string will be different. (its a known thing)

My only concern is - question and it's answer does not really suites. I dont think SALT is tech word here in SQL, so it does not paints proper picture.

ww; Raghu
--
There are only 10 types of people in the world, those who understand binary, and those who don't.

Note: (as of now) only.. 1 and 4 applies (i am on my way...)
Post #1249558
L' Eomot Inversé
Posted Thursday, February 09, 2012 2:57 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 1:10 PM
Points: 7,084, Visits: 7,137
Nice question.

Stewart "Arturius" Campbell (2/9/2012)
One would expect MS to allow an optional parameter for salt to the HASHBYTES function...

Or maybe not - unless perhaps they also provided a parameter to indicate whether the salt should be prepended or appended; Steve's code does the latter, but that's pretty unusual because people who deal with cryptographic matters (like hashing and encryption and key management and secure login and...) are used to prepending a salt (because in front is the only place it's useful in the applications of CBC mode encryption that need a salt).

Tom
Que conclure à la fin de tous mes longs propos? C'est que les préjugés sont la raison des sots. (Voltaire, 1756)
Post #1249559
michael.kaufmann
Posted Thursday, February 09, 2012 3:38 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Wednesday, February 06, 2013 11:51 PM
Points: 1,263, Visits: 1,079
Koen Verbeeck (2/9/2012)
but the MSDN link doesn't really back-up the explanation as it doesn't mention salt anywhere.


I'd second this; it's my understanding that concatenating a fixed string as salt (in Steve's example assigned to a variable) to another string can't be considered a salt parameter, which should be a random value (for increased security). The following query will return the exact same results as Steve's proposed solution in the 'Correct Answer' section of this QotD :

declare @t nvarchar(200)

select @t = N'This is my string'

select 
  Hashbytes('SHA1', @t)
, Hashbytes('SHA1', @T + N'R@nd0mS!a6lTValue')

I'd say, no matter how many string parts are concatenated, the combined string qualifies as { @input | 'input' } following the HASHBYTES syntax.

Interesting question, though.
Thanks,
Michael
Post #1249587
« Prev Topic | Next Topic »

Add to briefcase
59 posts, Page 1 of 6
12345»»»

Permissions Expand / Collapse

 
 
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.