| Author |
Topic |
|
sqllover
Constraint Violating Yak Guru
338 Posts |
 Posted - 2007-02-05 : 04:21:56
|
| hi, in my login form i have the password field.so i am sending password to my database table but while sending password has to be encrypted and while returning it has to be decrypted,is it possible to do in database if means please show me some example please |
|
|
Kristen
Test
22859 Posts |
Posted - 2007-02-05 : 04:31:54
|
| pwdencrypt('Some Text Password) will provide a one-way encryption - so you can store that as the encrypted version of the password (e.g. at Registration), and then use the function at Login and compare the encrypted result with that stored from Registration.pwdencrypt is undocumented (AFAIK)Kristen |
 |
|
|
harsh_athalye
Master Smack Fu Yak Hacker
5581 Posts |
Posted - 2007-02-05 : 04:34:07
|
| Peter has taken great pains to bless us with a wonderful implementation of RC4 encryption algorithm. See if you can use it:[url]http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=76258[/url]Harsh AthalyeIndia."The IMPOSSIBLE is often UNTRIED" |
|
|
|
sqllover
Constraint Violating Yak Guru
338 Posts |
Posted - 2007-02-05 : 04:36:43
|
| hi Kristen, how can i decrypt . is there any way to decrypt.pwdencrypt is working for encryption.how can i decrypt for cheacking the password |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2007-02-05 : 04:54:59
|
| The idea is that you use a oneway encryption - therefore there is no possibility of anyone reverse engineering the passwords (although they could use a Dictionary Attack, and you will NOT be able to "Send the user an Email with their password")So, you store the encrypted version of the password, and the original plain text password is never stored anywhere.When the user logs in you Encrypt the password they provide, and then compare the encrypted version with what is stored in the database. If they match the user provided the correct password. No one can hack in to view the password.If you want to store it encrypted AND be able to unencrypt it you need some sort of Public/Private key system. but the problem with that is the Decrypting key will be help either in your code, or in the Registry of the server, or similar, and you run the risk that a hacker will be able to find that.Kristen |
|
|
|
sqllover
Constraint Violating Yak Guru
338 Posts |
Posted - 2007-02-05 : 05:28:06
|
| hi Kristen thanks for ur kind reply |
|
|
|
sqllover
Constraint Violating Yak Guru
338 Posts |
Posted - 2007-02-05 : 05:45:35
|
| hi harsh_athalye, u have tole me to use this link for encryption/decryptionplease help to how to use thisfor example i have password like "harsh_athalye"how can i encrypt and decrypt please tell me how to do using that function which u have shownhttp://www.sqlteam.com/forums/topic.asp?TOPIC_ID=76258 |
|
|
|
harsh_athalye
Master Smack Fu Yak Hacker
5581 Posts |
Posted - 2007-02-05 : 05:55:20
|
You need to use fnEncDecRc4() to do the encryption/decryption.Let's say you have plaintext password 'harsh_athalye' and you want to encrypt it using a key lets say 'sqllover'. You can do it this way:-- returns encrypted passwordSelect dbo.fnEncDecRc4('sqllover', 'harsh_athalye')output (encrypted password):---------------e��N¨��6���u(-- decrypt it using same keyselect dbo.fnEncDecRc4('sqllover', 'e��N¨��6���u(')output-----------------harsh_athalyeHarsh AthalyeIndia."The IMPOSSIBLE is often UNTRIED" |
|
|
|
sqllover
Constraint Violating Yak Guru
338 Posts |
Posted - 2007-02-05 : 06:09:02
|
| hi harsh_athalye thanks a lot,fentastic |
|
|
|
helly69
Starting Member
1 Post |
Posted - 2007-10-31 : 18:18:40
|
| Hihttp://www.sqlteam.com/forums/topic.asp?TOPIC_ID=76258This is a nice function for en- nad decryption. But there is an error in it. If you have the character e on the secound position of the password, the function encrypts only the first character.Regards,Helly |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2007-10-31 : 19:22:13
|
| not to mention that passwords should be hashed and not encrypted..._______________________________________________Causing trouble since 1980blog: http://weblogs.sqlteam.com/mladenpSSMS Add-in that does a few things: www.ssmstoolspack.com |
|
|
|
arorarahul.0688
Posting Yak Master
125 Posts |
Posted - 2007-11-01 : 08:23:00
|
quote:
Originally posted by Kristen
pwdencrypt('Some Text Password) will provide a one-way encryption - so you can store that as the encrypted version of the password (e.g. at Registration), and then use the function at Login and compare the encrypted result with that stored from Registration.pwdencrypt is undocumented (AFAIK)Kristen
HI KRISTENI READ UR ARTICLE AND TRIED THE PWDENCRYPT(12)ITS WRKING WELL ENCRYPTING 12 BT WHEN SECOND TIME I AM USING THIS STATEMENT AT LOGIN TO COMPARE THE ENCRYPTED FORM OF INPUT I.E 12 TO STORED VALUESSECOND TIME USED PEDENCRYPT FUNCTION PRODUCES A NEW ENCRYPTED VALUE ANDNOT MATCHING WITH THE STORED VALUEPLZ HELPREGARDSRahul Arora MCA 07 BatchNCCE Israna, PanipatHRY, INDIA |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2007-11-01 : 10:08:05
|
| Use pwdcompare to compare a plain text password against the store, encrypted, password.Kristen |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2007-11-01 : 12:31:58
|
quote:
Originally posted by helly69
But there is an error in it. If you have the character e on the secound position of the password, the function encrypts only the first character.
Tested and can't find the error.SELECT dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yik', 'This is the secret message.'))) -- FailsSELECT dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yek', 'This is the secret message.'))) -- WorksSELECT dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yak', 'This is the secret message.'))) -- Fails
E 12°55'05.25"N 56°04'39.16" |
|
|
|
saini_balvinder
Starting Member
22 Posts |
Posted - 2008-01-02 : 21:27:47
|
| got a issue with this one..im not sure why..My results are as follows:Select dbo.fnEncDecRc4('Orange12345', 'Hello123')Output : ,M�glSelect dbo.fnEncDecRc4('Orange12345', ',Mgl')Output : �Mi am not able to decrypt it. Any idea why this is hapenning? Does it has to do something with regional settings? |
|
|
|
saurabh122
Starting Member
16 Posts |
Posted - 2008-01-11 : 10:02:16
|
| Hi arorarahul.0688,I have used the same function to encrypt the password and later on comparing a string with the same. The query is as follows:insert into adduser(username,temppassword) values('saurabh',pwdencrypt('p1'))select pwdcompare('p1',temppassword) from adduser where id = 50Hope this helps |
|
|
|
artee
Starting Member
2 Posts |
Posted - 2009-03-09 : 00:38:31
|
| Hi,I have used this function to encrypt SSN numbers in a table that has 80000+ records. This worked great, though it took a long time to encrypt all the SSN fields.I now have a web application that accesses these records and based on a search criteria it dispays the retrieved records after decrypting the SSN numbers on the web page. This works fine if the search criteria returns a small number of records. But if the query returns more than say 50 records it takes a while (around a minute) to display the webpage. I understand that it is taking time because it has to decrypt the SSN number for each record. I can't imagine how long it would take to decrypt and retrieve all the records from this table Is there any other way to speed up this query that decrypts the SSN numbers?I would really appreciate any pointers.Thanks- Artee |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2009-03-09 : 07:12:11
|
If you are using SQL Server 2005, there are other built-in encryption and decryption functions which are faster.
E 12°55'05.63"N 56°04'39.26" |
|
|
|
artee
Starting Member
2 Posts |
Posted - 2009-03-09 : 08:51:14
|
| No, we are still using SQL 2000, but planning to upgrade to 2005 after a few months. In the meantime, how do I get it to run faster.- Artee |
|
|
|
karan01baha
Starting Member
1 Post |
Posted - 2010-07-17 : 10:26:07
|
| Hi ,i have an encrypted password i.e 2e93ddd589b791811389f7bf60d52ea0please decrypt this for me .. thats ma own password which was hacked by sum1 else .. so planning to change ma password .. m tensed help mekaran |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2010-07-17 : 10:51:25
|
If you are going to change your password, just do it with the user interface.None of us here will help you break an application.
N 56°04'39.26"E 12°55'05.63" |
|
|
|
Next Page
|
how to encrypt and decrypt my password