Hi,
How can we hash the passwords in an already existing database? The passwords in the database are in clear text, which is a security issue. I don't want to use the in-built SQL Server hash functions, but create my own application for hashing the passwords. I was thinking of creating another column of datatype varbinary(16) -MD5 hash- and storing the hashed values there and deleting the cleartext password column.
Also, I read that salting is very important. What do you guys think? Any ideas are most welcome.
Posted 19-Sep-11 16:31pm

Solution 1

Storing passwords in plain text is a really bad idea. Don't ever do that.

You can convert the password into a hash at the code level and store it in the database as a character string. Are you working with C# or something else?
Comments
kittydas 20-Sep-11 3:14am
   
C++
CodingLover 20-Sep-11 3:58am
   
I used the following in most of the cases.

http://www.cplusplus.com/reference/std/locale/collate/hash/

Solution 3

1. Write a quick console app to hash the passwords outside of SQL.
2. Yes, salt.

Solution 4

You will have to add another column, pwd_salt, to the database
and generate the pwd_salt randomly.

Concatenate pwd + pwd_salt into a string,
convert the string to bytes,
and use the ComputeHash function of the .NET class System.Security.Cryptography.SHA1Managed to compute the hash.
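The procedure from Solutions 3 and 4 (a small program run outside SQL Server that gives each user a random salt and stores a salted hash), as an added example that is not code from any poster in this thread. Assumptions: SQLite stands in for the SQL Server database, the table and column names other than pwd_salt are hypothetical, and PBKDF2-HMAC-SHA256 is swapped in for the single-pass MD5/SHA-1 mentioned in the thread so that each password guess is costly.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor; raise it as far as login latency allows


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the UTF-8 password with a per-user salt (32 bytes)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def migrate(conn: sqlite3.Connection) -> int:
    """Hash every remaining cleartext password and blank the cleartext value."""
    rows = conn.execute(
        "SELECT id, password FROM users WHERE password IS NOT NULL").fetchall()
    with conn:  # one transaction: either every row is migrated or none is
        for user_id, cleartext in rows:
            salt = os.urandom(16)  # fresh random salt per user
            conn.execute(
                "UPDATE users SET pwd_salt = ?, pwd_hash = ?, password = NULL "
                "WHERE id = ?", (salt, hash_password(cleartext, salt), user_id))
    return len(rows)  # once this returns 0, the cleartext column can be dropped


def verify(conn: sqlite3.Connection, username: str, candidate: str) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    row = conn.execute("SELECT pwd_salt, pwd_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None or row[0] is None:
        return False
    return hmac.compare_digest(hash_password(candidate, row[0]), row[1])


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data: two users who share the same password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,"
                 " password TEXT, pwd_salt BLOB, pwd_hash BLOB)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "correct horse")])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print("rows migrated:", migrate(db))
    print(verify(db, "alice", "correct horse"), verify(db, "alice", "wrong"))
```

Because every row gets its own salt, the two sample users end up with different stored hashes even though their passwords are identical.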

Solution 5


Solution 2

You can use SQL internal encryption functions
EncryptByPassPhrase
DecryptByPassPhrase
for encryption of a particular column.

OR

Play your own logic of text encryption.


Simple encrypting and decrypting data in C#

http://www.geekinterview.com/talk/1527-encrypt-password-in-c-net.html
Comments
Chris Maunder 20-Sep-11 0:27am
   
Encrypting passwords is a bad idea. The poster was asking about hashing. Two very different beasts.
CodingLover 20-Sep-11 0:31am
   
I agreed with Chris.
kittydas 20-Sep-11 3:13am
   
Agreed with Chris too. Hash functions are one-way functions. Encryption is two-way.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 20 Sep 2011
Copyright © CodeProject, 1999-2016