• umailedit (3/16/2013)


    "SHA2 is recommended. Unfortunately you would have to upgrade to SQL Server 2012 in order to use this algorithm."

    You should never use hashing algorithms to store passwords. If SQL is indeed using SHA1 and SHA2 then it is using weak algorithms for password storage. Hashing algorithms are designed to be quick for digesting large blocks of text. To encrypt passwords we need a SLOW algorithm so that it is difficult to try it that many times. Something like Twofish or Blowfish encrypting the password with itself (for one way).

    Not sure I agree. Plenty of people recommend using one-way hashes for passwords: http://stackoverflow.com/questions/2549988/whats-the-recommended-hashing-algorithm-to-use-for-stored-passwords
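The speed point raised in this exchange, as an added example that is not part of the thread: a single unsalted SHA-1 beside a salted, iterated one-way hash. PBKDF2-HMAC-SHA256 from Python's standard library is the slow construction chosen here, not one named by either poster; the `ITERATIONS` value and the `$`-separated record format are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def fast_sha1(password: str) -> str:
    """Single unsalted SHA-1: cheap to compute, so cheap to guess against."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, iterated one-way hash; the record carries its own parameters."""
    salt = os.urandom(16)  # per-password random salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    except (ValueError, OverflowError):  # malformed or unsupported record
        return False
    return hmac.compare_digest(dk, expected)


def guess_cost_ratio(password: str = "constructed-sample") -> float:
    """Roughly how many times more CPU one guess costs with PBKDF2 than SHA-1."""
    t0 = time.perf_counter()
    for _ in range(1000):
        fast_sha1(password)
    sha1_per_guess = (time.perf_counter() - t0) / 1000
    t0 = time.perf_counter()
    hash_password(password)
    return (time.perf_counter() - t0) / sha1_per_guess


if __name__ == "__main__":
    record = hash_password("constructed-sample-password")
    print(record)
    print("verifies:", verify_password("constructed-sample-password", record))
    print("cost ratio vs single SHA-1:", round(guess_cost_ratio()))
```

Both constructions are one-way; the difference is the per-guess cost and the per-password salt, which makes identical passwords produce different records.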