y********o Posts: 2565 | 1
I have a users table in SQL Server 2005. It has the following fields:
userid (the primary key)
user_first_name nvarchar(20)
user_last_name nvarchar(20)
user_password varbinary(50)
I don't wanna store user_password as plain text. How do I encrypt or hash it
when I insert a record? I know in MySQL, we can do something like
INSERT INTO USERS VALUE ('johndoe', 'John', 'Doe', password('sikulito'));
Thanks.

y********o Posts: 2565 | 2
OK, I got it. We can use the HashBytes function and say
INSERT INTO USERS
VALUES ('johndoe', 'John', 'Doe', HashBytes('MD5', 'sikulito'));
[Quoting y********o's post]
: I have a users table in SQL Server 2005. It has the following fields:
: userid (the primary key)
: user_first_name nvarchar(20)
: user_last_name nvarchar(20)
: user_password varbinary(50)
: I don't wanna store user_password as plain text. How do I encrypt or hash it
: when I insert a record? I know in MySQL, we can do something like
: INSERT INTO USERS VALUE ('johndoe', 'John', 'Doe', password('sikulito'));
: Thanks.

y********o Posts: 2565 | 3
Yes, thx. I read something about that, too. It is more complicated than hashing and it seems that passwords are better hashed than encrypted.

y********o Posts: 2565 | 4
Oh, is that right? I thought that 1-way hash isn't reversible. Good to know.

y********o Posts: 2565 | 5
Guess what, I googled out one site:
http://md5.benramsey.com/
It did successfully reverse the hash of 'abc123'. But not any of my real passwords, :-)
It looks like the hash reversal engine above has a small dictionary of hashed entries. If you just use your name initials plus your birth date as your password, it won't be able to reverse it.

y********o Posts: 2565 | 6
Is it public key encryption?
that they simply use dictionary lookup (or maybe a very little guessing work). Consider this, if somebody gets your data, he can run the Brute-force
attack freely on his comput
result is verifiable; for certificate/key encryption, you cannot guess
because there is no way to verify if your guess is correct or not.

y********o Posts: 2565 | 7
Yes, I understand public-key encryption. I was asking if the type of encryption you were talking about in SQL Server is asymmetric.
encryption.
connected to private key, i.e. you encrypt the data using the public key,
then to decrypt it, you must use the corresponding private key. As you have
said, HASH is one-way, no d
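
An added example, not part of the original thread: a Python sketch comparing the unsalted MD5 value that HashBytes('MD5', ...) stores with a per-user salted PBKDF2 record sized to fit the thread's user_password varbinary(50) column. The salt length, iteration count, function names and sample data are assumptions, and the hashing is done in the application rather than in SQL Server 2005.

```python
import hashlib
import hmac
import os

SALT_LEN = 16          # random per-user salt in bytes (assumed size)
ITERATIONS = 200_000   # assumed work factor; tune to your hardware
COLUMN_LEN = 50        # user_password varbinary(50) from the thread

def unsalted_md5(password: str) -> bytes:
    """Same bytes HashBytes('MD5', '<ASCII literal>') yields: no salt, 16 bytes."""
    return hashlib.md5(password.encode("ascii")).digest()

def make_record(password: str) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256 digest (16 + 32 = 48 bytes)."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest

def verify(password: str, record: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)

# Constructed sample data: two users chose the same password.
PASSWORDS = ["abc123", "abc123", "sikulito"]
# Constructed stand-in for the small precomputed dictionary a lookup site holds.
TABLE = {unsalted_md5(p): p for p in ("abc123", "password")}

def demo() -> dict:
    md5_rows = [unsalted_md5(p) for p in PASSWORDS]
    kdf_rows = [make_record(p) for p in PASSWORDS]
    return {
        # Unsalted rows resolve by a plain dictionary lookup.
        "md5_hits": sum(1 for row in md5_rows if row in TABLE),
        # Equal passwords are visible as equal stored values without a salt.
        "md5_duplicates": md5_rows[0] == md5_rows[1],
        # With a per-user salt, equal passwords store different bytes.
        "kdf_duplicates": kdf_rows[0] == kdf_rows[1],
        "fits_column": all(len(row) <= COLUMN_LEN for row in kdf_rows),
    }

if __name__ == "__main__":
    print(demo())
```

The 48-byte record can be inserted into the varbinary(50) column as a parameterized binary value, and login checks call verify() on the row fetched for that user.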