Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««12345»»»

HASHBYTES Expand / Collapse
Author
Message
Posted Thursday, February 9, 2012 3:45 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: 2 days ago @ 9:17 AM
Points: 1,029, Visits: 2,335
0xB9A02E529093456D139C69FC5E5D4D825B7EC24B 0xCDE457DD8AB6C020E9852FE5B6953E02631A2CB2

this is the output of your query, just wanted to know what you mean by "exact same results"....?


ww; Raghu
--
The first and the hardest SQL statement I have wrote- "select * from customers" - and I was happy and felt smart.
Post #1249592
Posted Thursday, February 9, 2012 3:51 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Friday, November 23, 2012 5:08 AM
Points: 51, Visits: 43
hearing for the first time about hashbytes.. good platform to learn new things...
Post #1249593
Posted Thursday, February 9, 2012 4:06 AM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Thursday, November 20, 2014 12:02 AM
Points: 2,292, Visits: 315
Find some thoughts about this topic here:
http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/6002f5a4-19a0-4a11-a569-e112375d3efa/
Post #1249598
Posted Thursday, February 9, 2012 4:09 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Tuesday, July 9, 2013 11:12 PM
Points: 1,263, Visits: 1,081
Raghavendra Mudugal (2/9/2012)
0xB9A02E529093456D139C69FC5E5D4D825B7EC24B 0xCDE457DD8AB6C020E9852FE5B6953E02631A2CB2

this is the output of your query, just wanted to know what you mean by "exact same results"....?


The result is exactly the same as when running Steve's code (see the solution to the QotD in this thread).
-Michael
Post #1249601
Posted Thursday, February 9, 2012 4:14 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Tuesday, July 9, 2013 11:12 PM
Points: 1,263, Visits: 1,081
From a coding perspective (having a random salt parameter), this URL to a post on stackoverflow.com has a nice twist to the matter.

Cheers,
Michael
Post #1249602
Posted Thursday, February 9, 2012 5:02 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Monday, October 13, 2014 8:02 AM
Points: 1,262, Visits: 13,556
very good question with a complex understanding (when is necessary translate for another language)!
today, I learned anything!!!



rfr.ferrari
DBA - SQL Server 2008
MCITP | MCTS

remember is live or suffer twice!
Post #1249615
Posted Thursday, February 9, 2012 5:31 AM


SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Wednesday, November 12, 2014 9:31 AM
Points: 1,890, Visits: 2,192
Thanks for the question. Hoever, I got it wrong because I used this source:

http://msdn.microsoft.com/en-us/library/cc837966(SQL.100).aspx

which says:

"It is not possible to specify the salt value in SQL Server."

Can someone please expain why this is wrong? Or why I have interpreted it incorrectly. Thanks!



Please don't go. The drones need you. They look up to you.
Connect to me on LinkedIn
Post #1249628
Posted Thursday, February 9, 2012 5:33 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Tuesday, September 30, 2014 7:38 AM
Points: 1,823, Visits: 904
GPO (2/8/2012)
The SALE string? This confused me!

Yeah, I decided SALE had to be a typo for SALT. (If that isn't want happened, someone please yell... I'm still assuming.)
Post #1249630
Posted Thursday, February 9, 2012 5:39 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Yesterday @ 2:38 AM
Points: 7,850, Visits: 9,600
ma-516002 (2/9/2012)
Find some thoughts about this topic here:
http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/6002f5a4-19a0-4a11-a569-e112375d3efa/

I hope no-one who reads that thread gets confused and is infected by this crazy notion that Hashbytes does internal salting! As Russel Fields points out: "HASHBYTES does not, in itself, use a salt key" - but despite that clear (and accurate) statement the OP (Dboy888) remained unconvinced.

Anyone who wants to can use the MDn or SHA1 servers available on the web to caculate some hashes, and then calculate the same hashes using hashbytes: they will find that hashbytes produces the same standard results as the things on the web - so clearly there is no salting going on in there.


Tom
Post #1249633
Posted Thursday, February 9, 2012 5:51 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: 2 days ago @ 2:48 AM
Points: 1,156, Visits: 1,123
Blimey - a question I could answer correctly without needing to do some reading first!
Post #1249640
« Prev Topic | Next Topic »

Add to briefcase ««12345»»»

Permissions Expand / Collapse