当前在线人数10755
首页 - 分类讨论区 - 电脑网络 - 数据库版 - 同主题阅读文章

此篇文章共收到打赏
0

  • 10
  • 20
  • 50
  • 100
您目前伪币余额:0
未名交友
[更多]
[更多]
SQL Server 2005: How to hash a column?
[版面:数据库][首篇作者:yiyayiyayo] , 2007年06月19日16:44:07 ,975次阅读,13次回复
来APP回复,赚取更多伪币 关注本站公众号:
[分页:1 ]
yiyayiyayo
进入未名形象秀
我的博客
[回复] [回信给作者] [本篇全文] [本讨论区] [修改] [删除] [转寄] [转贴] [收藏] [举报] [ 1 ]

发信人: yiyayiyayo (I live, so I gamble.), 信区: Database
标  题: SQL Server 2005: How to hash a column?
发信站: BBS 未名空间站 (Tue Jun 19 16:44:07 2007)

I have a users table in SQL Server 2005.  It has the following fields:

userid (the primary key)
user_first_name nvarchar(20)
user_last_name nvarchar(20)
user_password varbinary(50)

I don't wanna store user_password as plain text. How do I encrypt or hash it
when I insert a record?  I know in MySQL, we can do something like

INSERT INTO USERS VALUE ('johndoe', 'John', 'Doe', password('sikulito'));

Thanks.
--

※ 来源:·WWW 未名空间站 海外: mitbbs.com 中国: mitbbs.cn·[FROM: 67.109.]

 
yiyayiyayo
进入未名形象秀
我的博客
[回复] [回信给作者] [本篇全文] [本讨论区] [修改] [删除] [转寄] [转贴] [收藏] [举报] [ 2 ]

发信人: yiyayiyayo (I live, so I gamble.), 信区: Database
标  题: Re: SQL Server 2005: How to hash a column?
发信站: BBS 未名空间站 (Tue Jun 19 16:55:00 2007)

【 在 yiyayiyayo (I live, so I gamble.) 的大作中提到: 】
: I have a users table in SQL Server 2005.  It has the following fields:
: userid (the primary key)
: user_first_name nvarchar(20)
: user_last_name nvarchar(20)
: user_password varbinary(50)
: I don't wanna store user_password as plain text. How do I encrypt or hash
it
:  when I insert a record?  I know in MySQL, we can do something like
: INSERT INTO USERS VALUE ('johndoe', 'John', 'Doe', password('sikulito'));
: Thanks.

OK, I got it.  We can use the HashBytes function and say

INSERT INTO USERS
VALUE ('johndoe', 'John', 'Doe', HashBytes('MD5', 'sikulito'));



--
※ 修改:·yiyayiyayo 於 Jun 19 16:55:37 2007 修改本文·[FROM: 67.109.]

 
yiyayiyayo
进入未名形象秀
我的博客
[回复] [回信给作者] [本篇全文] [本讨论区] [修改] [删除] [转寄] [转贴] [收藏] [举报] [ 3 ]

发信人: yiyayiyayo (I live, so I gamble.), 信区: Database
标  题: Re: SQL Server 2005: How to hash a column?
发信站: BBS 未名空间站 (Mon Jun 25 22:26:15 2007), 转信

Yes, thx.  I read something about that, too.  It is more complicated than ha
shing and it seems that passwords are better hashed than encrypted.


【 在 tolive (Dream Weaver) 的大作中提到: 】
: You may use SQL 2005's integrated encryption. First create a certificate,
: then use encryptbycert /
: decryptbycert functions.



--

※ 来源:·BBS 未名空间站 海外: mitbbs.com 中国: mitbbs.cn·[FROM: 69.139.]

 
yiyayiyayo
进入未名形象秀
我的博客
[回复] [回信给作者] [本篇全文] [本讨论区] [修改] [删除] [转寄] [转贴] [收藏] [举报] [ 4 ]

发信人: yiyayiyayo (I live, so I gamble.), 信区: Database
标  题: Re: SQL Server 2005: How to hash a column?
发信站: BBS 未名空间站 (Mon Jun 25 23:02:30 2007), 转信

Oh, is that right? I thought that 1-way hash isn't reversible.  Good to know.

【 在 tolive (Dream Weaver) 的大作中提到: 】
: It all depends on your needs. If you only need to scramble data, HASH is
: fine, but it's subject to dictionary
: lookup reverse, people who gets the HASH data can reverse most of them. By
: using EncryptByCert, without
: the server certificate, you won't be able to decrypt the data.
: ha



--

※ 来源:·BBS 未名空间站 海外: mitbbs.com 中国: mitbbs.cn·[FROM: 69.139.]

 
yiyayiyayo
进入未名形象秀
我的博客
[回复] [回信给作者] [本篇全文] [本讨论区] [修改] [删除] [转寄] [转贴] [收藏] [举报] [ 5 ]

发信人: yiyayiyayo (I live, so I gamble.), 信区: Database
标  题: Re: SQL Server 2005: How to hash a column?
发信站: BBS 未名空间站 (Tue Jun 26 22:53:00 2007), 转信

Guess what, I googled out one site:

http://md5.benramsey.com/

It did successfully reverse the hash of 'abc123'.  But not any of my real pa
sswords, :-)

It looks like the hash reversal engine above has a small dictionary of hashe
d entries.  If you just use your name initials plus your birth date as your
password, it won't be able to reverse it.



【 在 tolive (Dream Weaver) 的大作中提到: 】
: You're right, HASH is one-way and non-reversible, but the problem is, HASH
: doesn't use any "key" to
: "encrypt" the data, it only scramble the data using a fixed algorithm,
that
: being said, for the string
: "password", its HASH result is fixed (and unique), other people can "guess
"
: your original data, compare the
: HASH result with your HASH result, if the results match, then he "decrypt"
: your data. Google "HASH
: Reverse", you'll find many website provide the dictionary lookup reverse
for
:  HASH code, sure if your
: ...................


--

※ 修改:·yiyayiyayo 于 Jun 26 22:53:18 修改本文·[FROM: 69.139.]
※ 来源:·BBS 未名空间站 海外: mitbbs.com 中国: mitbbs.cn·[FROM: 69.139.]

 
yiyayiyayo
进入未名形象秀
我的博客
[回复] [回信给作者] [本篇全文] [本讨论区] [修改] [删除] [转寄] [转贴] [收藏] [举报] [ 6 ]

发信人: yiyayiyayo (I live, so I gamble.), 信区: Database
标  题: Re: SQL Server 2005: How to hash a column?
发信站: BBS 未名空间站 (Tue Jun 26 23:58:32 2007), 转信

Is it public key encryption?

【 在 tolive (Dream Weaver) 的大作中提到: 】
: It makes sense, when you try to reverse a hash on those websites, I guess
that they simply use dictionary lookup (or maybe a very little guessing work
). Consider this, if somebody gets your data, he can run the Brute-force
attack freely on his comput
: The KEY is: it's POSSIBLE to decrypt a HASH with the data ONLY because the
result is verifiable; for certificate/key encryption, you cannot guess
because there is no way to verify if your guess is correct or not.
: pa
: hashe
: your



--

※ 来源:·BBS 未名空间站 海外: mitbbs.com 中国: mitbbs.cn·[FROM: 69.139.]

 
yiyayiyayo
进入未名形象秀
我的博客
[回复] [回信给作者] [本篇全文] [本讨论区] [修改] [删除] [转寄] [转贴] [收藏] [举报] [ 7 ]

发信人: yiyayiyayo (I live, so I gamble.), 信区: Database
标  题: Re: SQL Server 2005: How to hash a column?
发信站: BBS 未名空间站 (Wed Jun 27 22:32:04 2007), 转信

Yes, I understand public-key encryption.  I was asking if the type of encryp
tion you were talking about in SQL Server is asymmetric.


【 在 tolive (Dream Weaver) 的大作中提到: 】
: Well, in my understanding, I don't think HASH is a kind of public key
encryption.
: Speaking of public key, it refers to asymmetric algorithm, and should be
connected to private key, i.e. you encrypt the data using the public key,
then to decrypt it, you must use the corresponding private key. As you have
said, HASH is one-way, no d
: work



--

※ 来源:·BBS 未名空间站 海外: mitbbs.com 中国: mitbbs.cn·[FROM: 69.139.]

 
yiyayiyayo
进入未名形象秀
我的博客
[回复] [回信给作者] [本篇全文] [本讨论区] [修改] [删除] [转寄] [转贴] [收藏] [举报] [ 8 ]

发信人: yiyayiyayo (I live, so I gamble.), 信区: Database
标  题: Re: SQL Server 2005: How to hash a column?
发信站: BBS 未名空间站 (Thu Jun 28 20:39:14 2007), 转信

gotcha, thx.

【 在 tolive (Dream Weaver) 的大作中提到: 】
: Yes it is asymmetric encryption.
: encryp
: have



--

※ 来源:·BBS 未名空间站 海外: mitbbs.com 中国: mitbbs.cn·[FROM: 69.139.]

[分页:1 ]
[快速返回] [ 进入数据库讨论区] [返回顶部]
回复文章
标题:
内 容:

未名交友
将您的链接放在这儿

友情链接


 

Site Map - Contact Us - Terms and Conditions - Privacy Policy

版权所有,未名空间(mitbbs.com),since 1996