Encrypting Data With the Encrypt Function
Posted Saturday, September 15, 2001 7:49 AM
Hi guys,
Nice to meet you here.
I'm the author of xp_crypt (www.vtc.ru/~andrey/xp_crypt). You can easily encrypt anything you want with strong RSA encryption, using just simple SQL scripts.
On my web page I have included all the needed examples. And if you don't need to encrypt strings longer than 21 chars and with a key length of more than 256 bits, it's free for you.
Besides, it contains DES and SHA1 hashes with unlimited string length.

Thank you for your attention.



Edited by - Andrey Kubyshev on 09/15/2001 07:51:13 AM

Edited by - Andrey Kubyshev on 09/15/2001 07:53:25 AM



Post #20044
Posted Thursday, February 21, 2002 5:08 PM
The encryption that function performs is far too easily deciphered to be used in any environment. It only stores the characters in hexadecimal (2 bytes in hex for each one, where the second is 00). What happens when you do a select is that you only see the first byte. If you look (in your example), when you run:

select * from users where UserPW=0x5400650073007400500057003200
T e s T P W 2
it returns:

TestUser2 T
I think it is very bad that you recommend this as an encryption method.

Rafael Picchi
Argentina
rafap@uol.com.ar





Post #20045
Posted Tuesday, May 13, 2003 12:44 PM
This may be useful, feedback is certainly most welcome.

1) How does one perform validation processes in SQL2K?
Below is a script that demonstrates a column that has accepted encrypted values; it then returns a row based on input that undergoes an encryption.
THIS IS NOT SUPPORTED BY MICROSOFT >>WAS IT EVER???<<
<I hope it fits>

SET NOCOUNT ON
GO

/*
Author: Shaun Tinline-Jones
Create Date: 2003/05/13

Purpose:
Testing some logic around the Encrypt function
*/
USE Northwind
GO

IF OBJECTPROPERTY(OBJECT_ID(N'dbo.Test_Encrypt'), N'IsTable') = 1
DROP TABLE dbo.Test_Encrypt
GO

-- We need to store the values in a field that holds the result of the encryption
CREATE TABLE dbo.Test_Encrypt
(
Gambler sql_variant NOT NULL
-- Gambler nvarchar(25) NOT NULL
)
GO

/**************************** We have some gamblers *********************************/
DECLARE @Name nvarchar(25) --sql_variant

SELECT @Name = ENCRYPT(N'Shaun')

INSERT INTO dbo.Test_Encrypt(Gambler) VALUES (ENCRYPT(@Name))
INSERT INTO dbo.Test_Encrypt(Gambler) VALUES (ENCRYPT(N'Grant'))
INSERT INTO dbo.Test_Encrypt(Gambler) VALUES (ENCRYPT(N'Jacye'))

SELECT Gambler FROM dbo.Test_Encrypt
GO

/******************************** Now let's get that winner ****************************/
DECLARE @Winner nvarchar(25)

SET @Winner = N'Shaun'

SELECT N'and the lotto winner is.......' + @Winner FROM dbo.Test_Encrypt WHERE Gambler = ENCRYPT(@Winner) --@Encrypted_Winner
GO

SET NOCOUNT OFF
GO

2) How does one deal with the upgrade?
The ENCRYPT function is now, as correctly stated by Jacye, using the Windows CryptoAPI. So yes, it is different from other versions of SQL Server and also suffers the same exposure to cracking >>Whatever that may be<< as this API.

The best approach is to use a query that takes a first-time user (that is, first time since the upgrade) and checks it against a SQL Server 7.0 instance with the password table. If it succeeds, run a customer-created encryption algorithm, even if it is the straight Windows CryptoAPI (as opposed to the SQL2K function), store the result in the SQL Server instance, and record that the user has upgraded.

This will handle the upgrade in a controlled fashion, while remaining transparent to the user community as well as protecting the customer from the possible deprecation of the ENCRYPT function.




Post #20046
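The upgrade procedure in the post above (check a first-time login against the old password table, then store a newly computed value and record that the user has upgraded) is shown here as an added Python example; it is not the poster's code. PBKDF2 from the standard library stands in for the customer-chosen algorithm, and `legacy_check`, `new_store` and the constructed lookup table are hypothetical names.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: tune to your own hardware


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow one-way hash stored for upgraded accounts."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def login(user, password, new_store, legacy_check):
    """Verify a login, upgrading the account on its first success after migration.

    new_store:    dict user -> {"salt": bytes, "hash": bytes}, upgraded users only
    legacy_check: callable(user, password) -> bool, a stand-in for the query
                  against the SQL Server 7.0 password table (hypothetical)
    """
    record = new_store.get(user)
    if record is not None:
        # Already upgraded: the legacy table is never consulted again
        return hmac.compare_digest(derive(password, record["salt"]), record["hash"])
    if not legacy_check(user, password):
        return False
    # First successful login since the upgrade: store the new value; its
    # presence in new_store is the record that this user has upgraded
    salt = os.urandom(16)
    new_store[user] = {"salt": salt, "hash": derive(password, salt)}
    return True


def make_legacy_check(table):
    """Constructed stand-in for the 7.0 lookup; it logs every call it receives."""
    calls = []

    def check(user, password):
        calls.append(user)
        return table.get(user) == password

    check.calls = calls
    return check
```

Once every active user appears in `new_store`, the legacy table and any dependency on ENCRYPT can be retired.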
Posted Thursday, May 15, 2003 11:21 AM
Post #20047
Posted Thursday, May 15, 2003 11:23 AM
quote:

The encryption that function performs is far too easily deciphered to be used in any environment. It only stores the characters in hexadecimal (2 bytes in hex for each one, where the second is 00). What happens when you do a select is that you only see the first byte. If you look (in your example), when you run:

select * from users where UserPW=0x5400650073007400500057003200
T e s T P W 2
it returns:

TestUser2 T
I think it is very bad that you recommend this as an encryption method.

Rafael Picchi
Argentina
rafap@uol.com.ar




Try this one to confirm your idea:

SET NOCOUNT ON
SELECT ENCRYPT('TestPW1')
SELECT ENCRYPT('TestPW2')
SELECT ENCRYPT('TestPW3')

SET NOCOUNT ON
SELECT ENCRYPT('TestPW1')
SELECT ENCRYPT('UestPW1')
SELECT ENCRYPT('VestPW1')




Post #20048
Posted Thursday, May 15, 2003 2:14 PM
I tried it on a SQL 2000 SP2 and it works badly (the encryption is the one I described earlier and should not be used).
On a SQL 7.0 SP4, on the other hand, it apparently works OK.
What I think is not very good is relying on undocumented functions like ENCRYPT(), seeing that they change between versions of the engine.
Regards,

Rafael Picchi
rafap@uol.com.ar


Post #20049
Posted Tuesday, July 15, 2003 4:59 PM
What the hell are you thinking? You guys are just converting the string to a double-byte character string and type-casting it as a numerical. Hello?

0x5400 = 84 = 'T'
0x6500 = 101 = 'e'
0x7300 = 115 = 's'
0x7400 = 116 = 't'
0x5000 = 80 = 'P'
0x5700 = 119 = 'w'
0x3100 = 49 = '1'



Post #20050
Posted Wednesday, July 16, 2003 3:11 AM
Please keep your comments professional. Disagreeing is fine. Being disrespectful is not. Thanks.

Andy
http://www.sqlservercentral.com/columnists/awarren/




Post #20051
Posted Tuesday, May 30, 2006 10:15 AM
Uhm - executing this in SQL 2000

select ENCRYPT('abc123')

yields

0x610062006300310032003300

So I'd have to say you're wrong.
Post #283644
Posted Tuesday, May 30, 2006 10:41 AM
Yikes. So much for that idea, then.
Post #283653
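The layout described in this thread (two bytes per character, the second always 00) can be checked for mechanically when auditing a column that holds ENCRYPT() output. The following Python is an added example, not code from any poster; the two readable hex literals are the ones quoted in the thread, while the row names `sample_user_b` and `sample_user_c` and the opaque third value are constructed.

```python
def parse_binary_literal(literal: str) -> bytes:
    """Turn a T-SQL binary literal such as 0x5400... into raw bytes."""
    text = literal.strip()
    if text[:2].lower() != "0x":
        raise ValueError("expected a 0x-prefixed binary literal")
    return bytes.fromhex(text[2:])


def recover_plaintext(value: bytes):
    """Return the string if value is only double-byte text, else None."""
    if not value or len(value) % 2:
        return None
    # The pattern from the thread: every second byte is 00.
    # Assumption: this covers characters up to U+00FF only, so text in
    # other scripts is not reported by this check.
    if any(high != 0 for high in value[1::2]):
        return None
    text = value.decode("utf-16-le")
    # Require printable characters so control bytes are not misreported
    return text if text.isprintable() else None


def audit(rows):
    """rows: iterable of (user, binary literal). Returns the exposed values."""
    findings = []
    for user, literal in rows:
        text = recover_plaintext(parse_binary_literal(literal))
        if text is not None:
            findings.append((user, text))
    return findings


# Sample rows: the first two literals appear in the thread, the third is a
# constructed opaque 20-byte value standing in for real ciphertext or a hash
SAMPLE_ROWS = [
    ("TestUser2", "0x5400650073007400500057003200"),
    ("sample_user_b", "0x610062006300310032003300"),
    ("sample_user_c", "0x9f86d081884c7d659a2feaa0c55ad015a3bf4f1b"),
]

if __name__ == "__main__":
    for user, text in audit(SAMPLE_ROWS):
        print(f"{user}: stored value is readable text: {text!r}")
```

Any row this reports holds the original string in recoverable form and should be treated as a plaintext credential during remediation.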