Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Encrypting Data With the Encrypt Function


Encrypting Data With the Encrypt Function

Author
Message
Max Howell
Max Howell
Forum Newbie
Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)

Group: General Forum Members
Points: 3 Visits: 1
Hi guys,
Nice to meet you here,
I'm author of xp_crypt(www.vtc.ru/~andrey/xp_crypt). You can easily encrypt with strong RSA encryption all what you want just with simple sql scripts.
On my web page, i included all needed examples. And if you dont need encrypt strings longer then 21 chars and with key length more then 256 bits , so for you its free
Besides, it contains DES and SHA1 hashes with unlimited string length.

Thank you for attention.



Edited by - Andrey Kubyshev on 09/15/2001 07:51:13 AM

Edited by - Andrey Kubyshev on 09/15/2001 07:53:25 AM



rpicchi
rpicchi
SSC Journeyman
SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)

Group: General Forum Members
Points: 81 Visits: 6
La encripción que hace esa función es muy fácilmente decifrable, como para usarla en cualquier ambiente. Solo guarda los caracteres en hexadecimal (2 bytes en hexa para cada uno, donde el segundo es 00) Lo que pasa al hacer select, es que solo ves el primer byte. Si te fijas, (en tu ejemplo) al hacer:

select * from users where UserPW=0x5400650073007400500057003200
T e s T P W 2
te devuelve:

TestUser2 T
Me parece muy malo que recomiendes esto como método de encripción.

Rafael Picchi
Argentina
rafap@uol.com.ar



shauntj
shauntj
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 1
This may be useful, feedback is certainly most welcome.

1) How does one perform validation processes in SQL2K?
Below is a script that demonstrates a column that has accepted encrypted values, it then returns a row based on input that undergoes an encryption.
THIS IS NOT SUPPORTED BY MICROSOFT >>WAS IT EVER???<<
<I hope it fits>

SET NOCOUNT ON
GO

/*
Author: Shaun Tinline-Jones
Create Date: 2003/05/13

Purpose:
Testing some logic around the Encrypt function
*/
USE Northwind
GO

IF OBJECTPROPERTY(OBJECT_ID(N'dbo.Test_Encrypt'), N'IsTable') = 1
DROP TABLE dbo.Test_Encrypt
GO

-- We need to store the values in a field that holds the result of the encryption
CREATE TABLE dbo.Test_Encrypt
(
Gambler sql_variant NOT NULL
-- Gambler nvarchar(25) NOT NULL
)
GO

/**************************** We have some gamblers *********************************/
DECLARE @Name nvarchar(25) --sql_variant

SELECT @Name = ENCRYPT(N'Shaun')

INSERT INTO dbo.Test_Encrypt(Gambler) VALUES (ENCRYPT(@Name))
INSERT INTO dbo.Test_Encrypt(Gambler) VALUES (ENCRYPT(N'Grant'))
INSERT INTO dbo.Test_Encrypt(Gambler) VALUES (ENCRYPT(N'Jacye'))

SELECT Gambler FROM dbo.Test_Encrypt
GO

/******************************** Now let's get that winner ****************************/
DECLARE @Winner nvarchar(25)

SET @Winner = N'Shaun'

SELECT N'and the lotto winner is.......' + @Winner FROM dbo.Test_Encrypt WHERE Gambler = ENCRYPT(@Winner) --@Encrypted_Winner
GO

SET NOCOUNT OFF
GO

2) How does one deal with the upgrade?
The encrypt function is now, correctly stated by Jacye, using the windows CryptoAPI. So yes it is different from other versions of SQL Server and also suffers the same exposure to cracking>>Whatever that may be<< as this API .

The best is to use a query that takes a first time user, that is first time since upgrade, check it against a SQL Server 7.0 with the password table. If it succeeds, run customer created encryption algorithm, even if it is the straight Windows CryptoAPI, (as opposed to the SQL2K function) and store the result in the SQL Server instance and record that the user has upgraded.

This will handle the upgrade in a controlled fashion, while remaining transparent to the user community as well as protect the customer from the possible deprecation of the ENCRYPT function.



diogenes1331
diogenes1331
SSC Journeyman
SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)

Group: General Forum Members
Points: 98 Visits: 54
quote:

La encripción que hace esa función es muy fácilmente decifrable, como para usarla en cualquier ambiente. Solo guarda los caracteres en hexadecimal (2 bytes en hexa para cada uno, donde el segundo es 00) Lo que pasa al hacer select, es que solo ves el primer byte. Si te fijas, (en tu ejemplo) al hacer:

select * from users where UserPW=0x5400650073007400500057003200
T e s T P W 2
te devuelve:

TestUser2 T
Me parece muy malo que recomiendes esto como método de encripción.

Rafael Picchi
Argentina
rafap@uol.com.ar








diogenes1331
diogenes1331
SSC Journeyman
SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)SSC Journeyman (98 reputation)

Group: General Forum Members
Points: 98 Visits: 54
quote:

La encripción que hace esa función es muy fácilmente decifrable, como para usarla en cualquier ambiente. Solo guarda los caracteres en hexadecimal (2 bytes en hexa para cada uno, donde el segundo es 00) Lo que pasa al hacer select, es que solo ves el primer byte. Si te fijas, (en tu ejemplo) al hacer:

select * from users where UserPW=0x5400650073007400500057003200
T e s T P W 2
te devuelve:

TestUser2 T
Me parece muy malo que recomiendes esto como método de encripción.

Rafael Picchi
Argentina
rafap@uol.com.ar




Try this one to confirm your idea:

SET NOCOUNT ON
SELECT ENCRYPT('TestPW1')
SELECT ENCRYPT('TestPW2')
SELECT ENCRYPT('TestPW3')

SET NOCOUNT ON
SELECT ENCRYPT('TestPW1')
SELECT ENCRYPT('UestPW1')
SELECT ENCRYPT('VestPW1')
[url][/url]



rpicchi
rpicchi
SSC Journeyman
SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)

Group: General Forum Members
Points: 81 Visits: 6
Probé en un sql 2000 SP2 y anda mal (la encripción es la que yo comenté anteriormente y no debe usarse).
En cambio, en un sql 7.0 SP4, aparentemente anda ok.
Lo que me parece que no es muy bueno en basarse en funciones no documentadas como ENCRYPT(), viendo que cambian con las versiones del motor.
Saludos,

Rafael Picchi
rafap@uol.com.ar


quote:

quote:

La encripción que hace esa función es muy fácilmente decifrable, como para usarla en cualquier ambiente. Solo guarda los caracteres en hexadecimal (2 bytes en hexa para cada uno, donde el segundo es 00) Lo que pasa al hacer select, es que solo ves el primer byte. Si te fijas, (en tu ejemplo) al hacer:

select * from users where UserPW=0x5400650073007400500057003200
T e s T P W 2
te devuelve:

TestUser2 T
Me parece muy malo que recomiendes esto como método de encripción.

Rafael Picchi
Argentina
rafap@uol.com.ar




Try this one to confirm your idea:

SET NOCOUNT ON
SELECT ENCRYPT('TestPW1')
SELECT ENCRYPT('TestPW2')
SELECT ENCRYPT('TestPW3')

SET NOCOUNT ON
SELECT ENCRYPT('TestPW1')
SELECT ENCRYPT('UestPW1')
SELECT ENCRYPT('VestPW1')
[url][/url]







nicerguy
nicerguy
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 1
What the hell are you thinking? You guys are just converting the string to a double-byte character string and type-casting it as a numerical. Hello?

0x5400 = 84 = 'T'
0x6500 = 101 = 'e'
0x7300 = 115 = 's'
0x7400 = 116 = 't'
0x5000 = 80 = 'P'
0x5700 = 119 = 'w'
0x3100 = 49 = '1'



Andy Warren
Andy Warren
SSCertifiable
SSCertifiable (7.3K reputation)SSCertifiable (7.3K reputation)SSCertifiable (7.3K reputation)SSCertifiable (7.3K reputation)SSCertifiable (7.3K reputation)SSCertifiable (7.3K reputation)SSCertifiable (7.3K reputation)SSCertifiable (7.3K reputation)

Group: Moderators
Points: 7269 Visits: 2681
Please keep your comments professional. Disagreeing is fine. Being disrespectful is not. Thanks.

Andy
http://www.sqlservercentral.com/columnists/awarren/

Andy
SQLAndy - My Blog!
Connect with me on LinkedIn
Follow me on Twitter
Oskar Austegard-253928
Oskar Austegard-253928
Forum Newbie
Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)

Group: General Forum Members
Points: 5 Visits: 3
Uhm - executing this in SQL 2000

select ENCRYPT('abc123')

yields

0x610062006300310032003300

So I'd have to say you're wrong.
Oskar Austegard-253928
Oskar Austegard-253928
Forum Newbie
Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)

Group: General Forum Members
Points: 5 Visits: 3
Yikes. So much for that idea, then.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search