SQL Server 2005: How to hash a column? - 未名空间MITBBS历史存档

国际科技财经博客移民网络热点娱乐民生时事公众号

Redian新闻

>未名空间

>Database - 数据库

SQL Server 2005: How to hash a column?

SQL Server 2005: How to hash a column?# Database - 数据库

y*o2007-06-19 07:06

1 楼

I have a users table in SQL Server 2005. It has the following fields:
userid (the primary key)
user_first_name nvarchar(20)
user_last_name nvarchar(20)
user_password varbinary(50)
I don't wanna store user_password as plain text. How do I encrypt or hash it
when I insert a record? I know in MySQL, we can do something like
INSERT INTO USERS VALUE ('johndoe', 'John', 'Doe', password('sikulito'));
Thanks.

y*o2007-06-19 07:06

2 楼

it
OK, I got it. We can use the HashBytes function and say
INSERT INTO USERS
VALUE ('johndoe', 'John', 'Doe', HashBytes('MD5', 'sikulito'));

【在 y********o 的大作中提到】

: I have a users table in SQL Server 2005. It has the following fields:
: userid (the primary key)
: user_first_name nvarchar(20)
: user_last_name nvarchar(20)
: user_password varbinary(50)
: I don't wanna store user_password as plain text. How do I encrypt or hash it
: when I insert a record? I know in MySQL, we can do something like
: INSERT INTO USERS VALUE ('johndoe', 'John', 'Doe', password('sikulito'));
: Thanks.

y*o2007-06-19 07:06

3 楼

Yes, thx. I read something about that, too. It is more complicated than ha
shing and it seems that passwords are better hashed than encrypted.

y*o2007-06-19 07:06

4 楼

Oh, is that right? I thought that 1-way hash isn't reversible. Good to know.

y*o2007-06-19 07:06

5 楼

Guess what, I googled out one site:
http://md5.benramsey.com/
It did successfully reverse the hash of 'abc123'. But not any of my real pa
sswords, :-)
It looks like the hash reversal engine above has a small dictionary of hashe
d entries. If you just use your name initials plus your birth date as your
password, it won't be able to reverse it.

that
"
for

y*o2007-06-19 07:06

6 楼

Is it public key encryption?

that they simply use dictionary lookup (or maybe a very little guessing work
). Consider this, if somebody gets your data, he can run the Brute-force
attack freely on his comput
result is verifiable; for certificate/key encryption, you cannot guess
because there is no way to verify if your guess is correct or not.

y*o2007-06-19 07:06

7 楼

Yes, I understand public-key encryption. I was asking if the type of encryp
tion you were talking about in SQL Server is asymmetric.

encryption.
connected to private key, i.e. you encrypt the data using the public key,
then to decrypt it, you must use the corresponding private key. As you have
said, HASH is one-way, no d

y*o2007-06-19 07:06

8 楼

gotcha, thx.