Register

Forgot Password

Site FAQ

Home > IT Answers > SQL Server > Encrypting passwords on SQL server 2000

SQL Server Ask the Experts

2,585 pts.

Encrypting passwords on SQL server 2000

SQL Server 2000, Password, Encryption, Password field

I m using SQL server 2000 and I want to use a password field for Employee Master. My question is how to encrypt this password field in my insert query. I have heard about the “EncryptByPassPhrase” function and symmetric key, but it is provided from SQL Server 2005. I have tried using pwdencrypt which is working, but how can I decrypt this encrypted password?

ASKED: Mar 11, 2010 7:00 PM GMT

UPDATED: March 19, 2010 2:14:57 PM GMT

RELATED QUESTIONS

Mrdenny

63,630 pts.

Answer Wiki:

If you are using the native password encryption function of SQL 2000 you can't decrypt the value. It is a one way encryption. Your best bet would be to encrypt the value in the application and simply store the encrypted value in the database table.

Last Wiki Answer Submitted: Mar 12, 2010 5:41 AM (GMT) by Mrdenny

63,630 pts.

To see other answers submitted to the Answer Wiki View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Mar 15, 2010 6:01 PM (GMT)

This one way encrypting process can be exactly what you need though. In order to use this encrypted value in the table, have your program encrypt the password that the user types in using the same function that originally encrypted the file so it would look like this (logically)

Encrypt(”password”) -> 2gub3dk9292jfjsdl //this would be stored in the table

And when a user provides credentials, encrypt the password and compare the values.

Encrypt(”notthepass”) ->58jalgjad9g8ere34j

if (2gub3dk9292jfjsdl == 58jalgjad9g8ere34j) // FALSE

if (2gub3dk9292jfjsdl == 2gub3dk9292jfjsdl ) //TRUE

So all you need to do is (assuming you use a temporary database for sessions) is to encrypt the password the user typed in as pwdencrypt and compare the values.

AndrewGauger

105 pts.

POSTED: Mar 19, 2010 2:14 PM (GMT)

Hai guys,

Thus far i am using the following statements for encrypting a password variable in sql server 2005

OPEN SYMMETRIC KEY SecureSymmetricKey1
DECRYPTION BY PASSWORD = N’StrongPassword’;

DECLARE @encrypted_str VARBINARY(MAX)
select @encrypted_str=EncryptByKey(Key_GUID(’SecureSymmetricKey1′),@Password)
Is this a good practice or any other approach for doing this…

ClickSSL

20 pts.

Ask a Question

Browse IT Answers by Topic

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2012, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags