SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


HASHBYTES


HASHBYTES

Author
Message
Steve Jones
Steve Jones
SSC Guru
SSC Guru (251K reputation)SSC Guru (251K reputation)SSC Guru (251K reputation)SSC Guru (251K reputation)SSC Guru (251K reputation)SSC Guru (251K reputation)SSC Guru (251K reputation)SSC Guru (251K reputation)

Group: Administrators
Points: 251340 Visits: 19818
Comments posted to this topic are about the item HASHBYTES

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Henrico Bekker
Henrico Bekker
SSChampion
SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)SSChampion (12K reputation)

Group: General Forum Members
Points: 12469 Visits: 5244
Good one thanks.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This thing is addressing problems that dont exist. Its solution-ism at its worst. We are dumbing down machines that are inherently superior. - Gilfoyle
GPO
GPO
SSCrazy
SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)

Group: General Forum Members
Points: 2305 Visits: 1944
Add the sale string


The SALE string? This confused me! :-P

:-)

One of the symptoms of an approaching nervous breakdown is the belief that one's work is terribly important.
Bertrand Russell

Koen Verbeeck
Koen Verbeeck
SSC Guru
SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)

Group: General Forum Members
Points: 111919 Visits: 13338
Good question, had to do a bit of research, but the MSDN link doesn't really back-up the explanation as it doesn't mention salt anywhere.

edit: in this thread, an MVP does the suggestion of adding a salt to the string itself.
http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/6002f5a4-19a0-4a11-a569-e112375d3efa/


How to post forum questions.
Need an answer? No, you need a question.
What’s the deal with Excel & SSIS?
My blog at SQLKover.

MCSE Business Intelligence - Microsoft Data Platform MVP
Michael Riemer
Michael Riemer
Hall of Fame
Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)Hall of Fame (3.4K reputation)

Group: General Forum Members
Points: 3432 Visits: 667
Have to agree that the SALE string confused me too. Otherwise it was a fairly simple question - Thanks
Stewart "Arturius" Campbell
Stewart "Arturius" Campbell
One Orange Chip
One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)

Group: General Forum Members
Points: 27567 Visits: 7551
Thanks for the question, Steve.
took a fair bit of digging to find this.

One would expect MS to allow an optional parameter for salt to the HASHBYTES function...

____________________________________________
Space, the final frontier? not any more...
All limits henceforth are self-imposed.
“libera tute vulgaris ex”
M&M
M&M
SSCrazy Eights
SSCrazy Eights (9.8K reputation)SSCrazy Eights (9.8K reputation)SSCrazy Eights (9.8K reputation)SSCrazy Eights (9.8K reputation)SSCrazy Eights (9.8K reputation)SSCrazy Eights (9.8K reputation)SSCrazy Eights (9.8K reputation)SSCrazy Eights (9.8K reputation)

Group: General Forum Members
Points: 9762 Visits: 3916
No idea about this really. I guessed it and got it wrong :-)

M&M
Raghavendra Mudugal
Raghavendra Mudugal
SSCarpal Tunnel
SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)

Group: General Forum Members
Points: 4632 Visits: 2958
For me this question did not made any sense.

the sample code is just concatenating another variable to it, you can name it @salt to @sugar... still the sample code will not make sense to me.

And in your question, you say as SALT parameter, HASHBYTES does not has any salt parameter, you are just concatenating a variable (declares as salt) - which does not makes as parameter to it.

if you just use this, it gives different results

select hashbytes ('SHA1', 'FIRST')
select hashbytes ('SHA1', 'FIRST' + ' SECOND')

in both cases INPUT value is different, so its obvious the HASH return string will be different. (its a known thing)

My only concern is - question and it's answer does not really suites. I dont think SALT is tech word here in SQL, so it does not paints proper picture.

ww; Raghu
--
The first and the hardest SQL statement I have wrote- "select * from customers" - and I was happy and felt smart.
Tom Thomson
Tom Thomson
SSC-Dedicated
SSC-Dedicated (39K reputation)SSC-Dedicated (39K reputation)SSC-Dedicated (39K reputation)SSC-Dedicated (39K reputation)SSC-Dedicated (39K reputation)SSC-Dedicated (39K reputation)SSC-Dedicated (39K reputation)SSC-Dedicated (39K reputation)

Group: General Forum Members
Points: 39769 Visits: 12894
Nice question.

Stewart "Arturius" Campbell (2/9/2012)
One would expect MS to allow an optional parameter for salt to the HASHBYTES function...

Or maybe not - unless perhaps they also provided a parameter to indicate whether the salt should be prepended or appended; Steve's code does the latter, but that's pretty unusual because people who deal with cryptographic matters (like hashing and encryption and key management and secure login and...) are used to prepending a salt (because in front is the only place it's useful in the applications of CBC mode encryption that need a salt).

Tom

michael.kaufmann
michael.kaufmann
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1803 Visits: 1082
Koen Verbeeck (2/9/2012)
but the MSDN link doesn't really back-up the explanation as it doesn't mention salt anywhere.


I'd second this; it's my understanding that concatenating a fixed string as salt (in Steve's example assigned to a variable) to another string can't be considered a salt parameter, which should be a random value (for increased security). The following query will return the exact same results as Steve's proposed solution in the 'Correct Answer' section of this QotD Cool:

declare @t nvarchar(200)

select @t = N'This is my string'

select
Hashbytes('SHA1', @t)
, Hashbytes('SHA1', @T + N'R@nd0mS!a6lTValue')



I'd say, no matter how many string parts are concatenated, the combined string qualifies as { @input | 'input' } following the HASHBYTES syntax.

Interesting question, though.
Thanks,
Michael
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum







































































































































































SQLServerCentral


Search