tags:

views:

941

answers:

2
+3  Q: 

SQL Server PWDEncrypt value comparison

I think what I am about to ask is impossible, however, figured it was worth a shot here.

We have an application that makes use of SQL Servers PWDEncrypt and PWDCompare functions.

Part of the system creates duplicates of users (same logon and password). Due to a bug in the system, instead of copying the binary stored PWDEncrypt of a password it performed another PWDEncrypt of the password. Therefore the binary values do not match.

Is it possible to find out if the two binary values are hashes of the same password?

e.g. PWDEncrypt('abc') = PWDEncrypt('abc')

If I can do this then it means I can find out how many users this bug has actually affected rather than having to deal with thousands!

EDIT: To clarify, PWDEncrypt('abc') = PWDEncrypt('abc') will NOT return true as the passwords are hashed to different values.

Whilst I know its impossible to obtain the password from the hash, PWDCOMPARE('abc', PWDENCRYPT('abc')) works, therefore, internally SQL Server must be doing more than just hashing the password you're comparing and check the values are the same.

A: 

You can just type SELECT CASE WHEN PWDEncrypt('abc') = PWDEncrypt('abc') THEN 1 ELSE 0 END into a query window and see the result.

Joel Coehoorn  2009-04-24 14:19:13
The problem is that PWDEncrypt returns a different value for the same password each time you call it. Therefore, PWDEncrypt('abc') = PWDEncrypt('abc') is always false. I'm wondering if there is another way to do that check.
Robin Day  2009-04-24 14:49:52
That's funny: it returns 1 on my system. The duplicate call must be optimized away: ick!
Joel Coehoorn  2009-04-24 14:53:54
that does not seem to work for me, when I run it, the result is always zero. every time I run PWDEncrypt('abc') a different value is returned
KM  2009-04-24 14:56:50
+1  A: 

It seems that Joel's statement is correct in SQL Server 2000 , but not in SQL Server 2005.

When you generate the hashes together in the same statement in 2000, they end up with the same salt (random seed number at the beginning) which makes them identical. In 2005 a different salt is always generated, so they never match

if you try this on SQL Server 2000:

PRINT PWDEncrypt('abc')
PRINT PWDEncrypt('abc')
PRINT PWDEncrypt('aaa')
PRINT PWDEncrypt('bbb')

you always have the same salt at the beginning of the hash, where as in 2005 its always different. Also notice that in SQL Server 2005, the hash is shorter as it no longer maintains a copy of the hash in uppercase for case in-sensitive password compatibility.

If you can generate the hash with the same salt, then you can compare them (which means trying a brute force or dictionary attack) Have a look at this article on how to do it. It shows you how to crack SQL Server password in C using the CryptCreateHash function.

Nick Kavadias  2009-04-24 23:51:18

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?