I need to store a password hash in a SQL Server 2000 database. The information isn't critical but I really don't want to store the password in clear text. How can I get a unique hash (sha, sha1, md5, etc.) in SQL Server 2000, as HashBytes isn't available?

I'm not looking for a compiled DLL or the ilk. I don't have access to the server; it needs to be pure MS SQL.

+1  A: 

There are undocumented (until later versions) functions in MS SQL Server 2000 called pwdencrypt() and pwdcompare().

See this blog: Undocumented SQL Server 2000 Functions

Or on MSDN books online:

However, this function has been known to be insecure since at least 2002. For some details see "Cracking MS SQL Server passwords" at TheRegister. I guess that's why it got replaced by HashBytes.

If you can't upgrade your SQL Server instance or use any add-ons, this might be the best you can do. Unless you hash the password in application code and store the resulting digest string, leaving the SQL Server out of the loop.

Bill Karwin