|
|
Comments and Discussions
|
|
 |
|
This is free Quran database.
www.behniafar.com/Quran-db.part01.rar
www.behniafar.com/Quran-db.part02.rar
www.behniafar.com/Quran-db.part03.rar
www.behniafar.com/Quran-db.part04.rar
www.behniafar.com/Quran-db.part05.rar
|
|
|
|
|
|
Hi Vic,
I used this function dbo.fn_md5x in SQL 2000 server
CREATE FUNCTION [dbo].[fn_md5x] (@data IMAGE, @len INT = -1)
RETURNS CHAR(32) AS
BEGIN
DECLARE @hash CHAR(32)
EXEC master.dbo.xp_md5 @data, @len, @hash OUTPUT
RETURN @hash
END
I have a table of users with 2 columns with their password. Old PWD as Char(50) -no crypted an new PWDCr as BINARY(16) - crypted. I would convert old pwd to crypted pwdcr by Query. Column PWDCr I want to use for login users from ASP.NET application.
My problem is that ASP.NET send to SQL this value PWDCr = 0x80e0fb9a1a872aab680b4a01089c2570
When i have used this query
update UserASP set PWDCr=dbo.fn_md5x(RTRIM(RTRIM('HelloWorld') + 'salt'),DEFAULT) where id=99999 the error was displayed (Disallowed implicit conversion from data type char to data type binary, table 'UserASP', column 'PWDCr'. Use the CONVERT function to run this query.)
Then i have used this query
update UserASP set PWDCr=CAST(dbo.fn_md5x(RTRIM(RTRIM('HelloWorld') + 'salt'),DEFAULT) as BINARY(16)) where id=99999
it saved but value was PWDCr = 0x38306530666239613161383732616162
in SQA I run this query an got this results:
select CAST(dbo.fn_md5x(RTRIM(RTRIM('HelloWorld') + 'salt'),DEFAULT) as BINARY(16))
0x38306530666239613161383732616162
select dbo.fn_md5x(RTRIM(RTRIM('HelloWorld') + 'salt'),DEFAULT)
80e0fb9a1a872aab680b4a01089c2570
Could you advice me how to save old password to crypted password by T-SQL in required format (0x80e0fb9a1a872aab680b4a01089c2570)
Thank you
...the Kingdom of God is inside of you, and it is outside of you. When you come to know yourselves, then you will become known, and you will realize that it is you who are the sons of the living Father.
|
|
|
|
|
Exactly what I was looking for. Thanks for this great article!
|
|
|
|
|
This is an excelent article.it is realy appricited
|
|
|
|
|
Like Ali Hamdar, I also have heard MD5 is weak. The article is from 2004. Should we still use it in 2010 or not?
|
|
|
|
|
In doing research I found that there is a built in function from SQL2005 and up. Try this code. I think you'll find it produces the exact same result as the DLL
Select HashBytes('MD5', 'Hello world!')
|
|
|
|
|
Many researches proved that MD5 is vulnerable and policies in different software companies such as Microsoft banned their usage.
Check this article on MD5 vulnerability[^]Ali Hamdar
|
|
|
|
|
I know this is an older thread, but thanks for the article. I was able to create an extended stored procedure, but it seems that whenever I run it, sqlservr.exe keeps increasing in mem usage in task manager. Has anybody else seen this?
|
|
|
|
|
Please note, that if you want execute function fn_md5() from your application which is connecting to database via own username, you can get message "EXECUTE permission denied on object 'xp_md5', database 'master', owner 'dbo'."
You must grant access to Execute xp_md5 by guest user on master database.
To do it select Users tab in master database, double-click on guest user, select Permisions, find xp_md5 procedure on list, and select checkbox in EXEC column.
Hope this help.
|
|
|
|
|
I have updated and compiled the XP_MD5 for x64 and it works beautifully. I have it in production now. Email me at jrb@vertisan.com and I will gladly send it to you.
|
|
|
|
|
Thanks for a great little utility. fn_md5x() has helped me organize thousands of images in my SQL2000 database, and prune out many duplicates.
But I am running into one frustrating problem.
I'd like to compute the MD5 hash in my vb.net front end before adding the image to the DB. So I can see if the image is already there. So I use the ComputeHash() function in System.Security.Cryptography.MD5CryptoServiceProvider and then do a SELECT on my image table to see if an image with that hash already exists.
But the problem is that ComputeHash generates a different MD5 hash value from fn_MD5x, and I can't figure it out.
The insert trigger on my image table does the equivalent of:
UPDATE Images SET MD5_Hash = dbo.fn_md5x(ImageData, -1) WHERE ImageID = @ImageID
The VB.NET function is below:
Public Function MD5Hash(ByVal Image() As Byte) As String
Dim objMD5 As New System.Security.Cryptography.MD5CryptoServiceProvider
Dim arrHash() As Byte
arrHash = objMD5.ComputeHash(Image)
objMD5 = Nothing
Return ByteArrayToString(arrHash)
End Function
Private Function ByteArrayToString(ByVal arrInput() As Byte) As String
Dim strOutput As New System.Text.StringBuilder(arrInput.Length)
For i As Integer = 0 To arrInput.Length - 1
strOutput.Append(arrInput(i).ToString("X2"))
Next
Return strOutput.ToString().ToLower
End Function
Why am I getting different hashes for the same image?
Thanks in advance.
|
|
|
|
|
It is a pain but I have managed to compile a 64 bit version of the dll.
--
David
|
|
|
|
|
To the Author...Is there any license, restriction of use or fee for using this code/dll? Is it available for free use by companies?
Please advise...
Thank You!
|
|
|
|
|
|
|
hello
i hv a field having comma saparated int values n i want to find d count of particular value in d table
example :
jobtypes
------------
1,2,3,4,
2,7,9,
1,4,6,7,
n i want to find count of 1
expected answer=2;
plz help
|
|
|
|
|
SQL server supports an function for MD5 encryption, why not just use that 
HashBytes( <algorithm>, <input> )
algorithm = 'MD2' | 'MD4' | 'MD5' | 'SHA' | 'SHA1'
input types = varchar | nvarchar | varbinary
0xA5BA0D8F38FB421F472CCE3C566467A7 = SELECT HashBytes('MD2','CodeProject.com')
0xBEC58CDEEB04C7B366E4FDD4F35D4603 = SELECT HashBytes('MD4','CodeProject.com')
0x1BA4C8D9E8F1B1DD8BC05379ED3292EB = SELECT HashBytes('MD5','CodeProject.com')
0x0EF9E6456730DBAD24BFE4FEC6DB85032EB0DBB0 = SELECT HashBytes('SHA','CodeProject.com')
0x0EF9E6456730DBAD24BFE4FEC6DB85032EB0DBB0 = SELECT HashBytes('SHA1','CodeProject.com')
Or
INSERT INTO Users(Username,Password) VALUES('Administrator', HashBytes('SHA1','P@55w0rd'))
Or
Look here at Microsoft http://msdn2.microsoft.com/en-us/library/ms174415.aspx[^]
|
|
|
|
|
How do I pass a SecureString var. to SQLS Stored Procedure?
Both from C#, and SQL Server side?
I'm assuming varbinary on the SS side, will handle
this as Input parameter to stored procedure.
I'm just not sure of the allowable code to handle this.
F.Z. Atlanta
|
|
|
|
|
like some guy told earlier, there are some collision problems with md5 and it is recommended to use a salt for passwords -its no big deal for cheksums. is it possible to use salt with this code??
|
|
|
|
|
Hi Vic Mackey,
you call the srv_paraminfo two times
srv_paraminfo(pSrvProc, 1, &cType, &uMaxLen, &uLen, NULL, &fNull);
pData = (BYTE*)malloc(uLen);
srv_paraminfo(pSrvProc, 1, &cType, &uMaxLen, &uLen, pData, &fNull); :confused:
uDataLen = uLen;
it make no sence for me, because all the same param.
Regards Marc
|
|
|
|
|
Has anyone tested this in SQL 2005 yet? Or have a variant that works in 2005?
|
|
|
|
|
Downloaded it, compiled it, used it.
And I learned some stuff by reading the source code 
Thanks!
|
|
|
|
|
Hello,
I am a bit surprised that there is more then just one result after a md5 hash. RFC 1321 describes a 128 bit output after application of their algorithm. What is different in your code? The reference (link to the algorithm) is not available anymore.
So, I am sure that this is definitely an encription function but is it MD5?
Martin
|
|
|
|
|
|
Hi,
I'm using the MD5 dll on SQL 2000 servers and it works perfect. However, recently I got the need to use it on a win2003 server and SQL 2005 server, both 64-bit versions. It does not work...
I did like before:
USE master;
EXEC sp_addextendedproc 'xp_md5', 'xp_md5.dll'
no complaints here.
But when I try this:
EXEC master.dbo.xp_md5 'Hello world!'
I get the following error:
Msg 17750, Level 16, State 0, Procedure xp_md5, Line 1
Could not load the DLL xp_md5.dll, or one of the DLLs it references. Reason: 193(%1 is not a valid Win32 application.).
Which confuses me.. Is this because some missing error messages for the x64 version? Or does it mean that I'm toast?  I think I am toast and that I need a 64-bit version.
Any suggestions?
KP
|
|
|
|
|
Is it possible to make this work with c#?
And give a small example with it.
Thanks.
|
|
|
|
|
Hello there
When using ADODatabase.Execute for creating a stored procedure (from within my C++ program), if the user doesn't have admin rights, it seems to be putting the user as the owner of the storedproc.
Then, if the owner is a specific user, then others can't access it.
I was wondering if anyone has any idea on how to go about it...
Thanks.
|
|
|
|
|
|
I'd like to use the MD5 function and select into a table insted of piping output to the screen.
select dbo.fn_md5 (email)
into newtable
from zip852
I ran the follwing script with no luck. Things work fine until I add the into statement. Any ideas?
Server: Msg 8155, Level 16, State 1, Line 1
No column was specified for column 1 of 'newtable'.
|
|
|
|
|
I'm trying to find a method to determine file integrity for a custom log shipping solution. It would be great if I can use an extended stored procedure for this instead of having to find or write a command application that does this. Does your extended stored proc do this or do you have any plans for this feature? Or maybe you have seen something like what I'm looking for? I'd appreciate some feedback.
Jack
|
|
|
|
|
This is a very helpful stored procedure... though I have not been able to use it fully. I've stored passwords in a database as binary(16), and have not been able to figure out how to accurately convert the resultant hash to that data type. Am I missing something obvious?
Lew
|
|
|
|
|
This might be irrelevant to the article since it specifically handles md5 algorithm. But I wanted to know if there’s a way to get a numeric hash? just like the one returned by object.getHashCode() in .NET .. Probably, any other algorithm or implementation ?!
|
|
|
|
|
Well the encryption works on my SQL 2000 server. But how do you decrypt it back? Is there another dll file or function to do that?
|
|
|
|
|
Resume:
I'm using ASP, to call a StoredPrecedure (SQL 2000), passing values.
My problem, is, after the Stored procedure is completed, i'd like of
it to return a value, a error message, or something, back to my
asp... but after this excecution of SP, the recordset is closed...
1- How to pass a value back to asp (true recordset maybe)
i tried calling (below, is orriginal code) the SP adding this
input value like this: 'returnVal OUTPUT',
and tried to return like this :
'*** SP return exemple
returnVal = @@error
RETURN returnVal
but it does not seem to allow the first thing... 'returnVal OUTPUT'
And just trying to return a value like i did does not seem to be ok!?!
what should i do??
I provide you with my orriginal coding...
*************** ASP calling the Stored Procedure *************
sql_edit_contact = "EXEC editContact " &_
"'" & ContID & "','" & accountid & "','" & title & "'" &_
",'" & prefix & "','" & firstname & "','" & lastname & "'" &_
",'" & company & "','" & email & "','" & busphone & "'" &_
",'" & busphoneext & "','" & altphone & "','" & altphoneext & "'"
set rsEditContact = server.CreateObject("adodb.recordset")
rsEditContact.Open sql_edit_contact,conn,3,3
******** My Stored Procedure **************
CREATE PROCEDURE [dbo].[editContact]
@g_user_id nvarchar (255),
@g_org_id nvarchar (255),
@u_user_title nvarchar (255),
@prefix nvarchar (255),
.....
@howheard nvarchar (255)
AS
BEGIN TRANSACTION editContact
UPDATE UserObject
SET g_org_id = @g_org_id,
u_user_title = @u_user_title,
.....
howheard = @howheard
WHERE (g_user_id = @g_user_id)
IF @@error <> 0
BEGIN
ROLLBACK TRANSACTION editContact
END
UPDATE Addresses
SET u_address_name = @u_address_name,
u_address_line1 = @u_address_line1,
.....
fax_number = @fax_number
WHERE (g_id = @g_id)
IF @@error <> 0
BEGIN
ROLLBACK TRANSACTION editContact
END
COMMIT TRANSACTION
GO
*********************************************************
Thanks to any of you
lp_rochon
|
|
|
|
|
I installed the dll on development server and everything is working fine. After installing in production, when I tried to run a select dbo.fn_md5 statement, I get the following error:
----------------------
[Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionCheckForData (CheckforData()).
Server: Msg 11, Level 16, State 1, Line 0
General network error. Check your network documentation.
Connection Broken
---------------------
Both servers are running SQL 2000, version 8.00.801(sp3)
Any ideas why this is happening?
|
|
|
|
|
|
Old code used deprecated srv_paramdata()/srv_paramlen() which truncated string types to 255 characters. New version uses srv_paraminfo(). Article was updated on March 8, 2005.
|
|
|
|
|
I'm using the xp_md5 function to hash some values I have in ntext fields. I've created a function to accept text fields and convert my ntext fields to text. There seems to be an issue though, as some fields that are different are hashing as the same. For client privilege purposes, I cannot post the strings here. Are there any issues with this code that I should be aware of?
|
|
|
|
|
Great article!
However, although Christophe Devine's work is excellent and trustworthy, it is usually customary to include the test vectors along with a self test routine with any published cryptographic building block source code, such as MD5 (RFC. 1321).
Unless the code has undergone FIPS 140-1[2] certification. Which this hasn't.
Cheers.
-yafan
|
|
|
|
|
How can I create MD5 for ntext or image fields?
I'd like to compare ntext fields in database.
|
|
|
|
|
NEWS: as of 2004, MD5 has a known collision weakness. See the technical article about the collisions (http://eprint.iacr.org/2004/199.pdf), read more meta-info about the collisions (http://www.rtfm.com/movabletype/archives/2004_08.html#001055), and read a FAQ on the impact of the MD5 collisions (http://www.cryptography.com/cnews/hash.html).
Synopsis: MD5 is not completely useless, but is now problematic for certain uses.
|
|
|
|
|
I am right now using this extended stored procedure in one of the test database on sql server 2000 and it works fine. I tried to do the same on a different sql server and it did not work on that. Then I got an explaination that the former was a 32 bit processor and latter was a 64 bit processor. Is there anyway to make use of this extended stored procedure on a 64-bit processor!!!
Anil
|
|
|
|
|
Is the xp_md5.dll is a trial version or permanent one .
I really want to know this as soon as possible
|
|
|
|
|
Hi,
I extract the MD5.dll and copied into the C:\Program Files\Microsoft SQL Server\MSSQL\Binn.
I then register the extended stored procedure in the master database, with the path to the .dll file.
When executing the statement EXEC master.dbo.xp_md5 'Hello world!'
I get back the following error:
ODBC: Msg 0, Level 16, State 1
Cannot find the function xp_MD5 in the library C:\Program Files\Microsoft SQL Server\MSSQL\Binn\xp_md5.dll. Reason: 127(The specified procedure could not be found.).
Any ideas?
|
|
|
|
|
What a God send, I was needing to replicate some passwords across from custom user tables against the phpbb2 forum tables, and like a lot of php code I guess (I wouldn't know) the passwords needed to be MD5 compliant. I really wanted to do this from a proc and not a scheduled web job - perfect solution.
Kudos Vic, happy coding.
|
|
|
|
|
You got my 5 stars (although I did not read the code yet).
The simple fact that you have this idea, and optimize to a 4 Kb dll with ALIGN clearly demonstrates the way to write extended stored procedures, one of the most powerful - and neglected - tools in SQL Server.
One detail: you should not rely on user corectness, but rather to check the input to death.
An xp...dll cannot afford to crash, since is a dll loaded by SQL server.
Maybe the caller process will call the exported function in __try/__finally, but is a pity to get a buffer overrun or the programmer's best friend 0xC0000005  .
So if you plan to sell to others, check (and increase the dll to 6 Kb ).
As is now, free, is ok. After all, you wrote "I'll call correctly, do the same".
Keep up the good work!
|
|
|
|
|
I was just wondering if something like this could be accomplished in Managed C++ or C# and still work with the SQL Server in a stored procedure???????
/sinus-c
|
|
|
|
|
|
|
 General  News  Suggestion  Question  Bug  Answer  Joke  Rant  Admin
|
An extended stored procedure for SQL Server that implements an optimized MD5 hash algorithm. Very small DLL (barely 7 KB).
| Type | Article |
| Licence | |
| First Posted | 26 Jan 2004 |
| Views | 612,545 |
| Bookmarked | 109 times |
|
|
Submit an article or tip
Post your Blog
