Hi,
How can we hash the passwords in an already existing database? The passwords in the database are in clear text, which is a security issue. I don't want to use the in-built SQL Server hash functions, but create my own application for hashing the passwords. I was thinking of creating another column of datatype varbinary(16) -MD5 hash- and storing the hashed values there and deleting the cleartext password column.
Also, I read that salting is very important. What do you guys think? Any ideas are most welcome.
Posted 19-Sep-11 17:31pm

Solution 4

You will have to add another column, pwd_salt, to the database
and generate the pwd_salt randomly.

Concatenate pwd + pwd_salt into a string,
convert the string to bytes,
and use the ComputeHash function of the .NET class System.Security.Cryptography.SHA1Managed to compute the hash.
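
The steps in Solution 4 (add a pwd_salt column, generate a random salt per row, hash, store), as an added example that is not part of the original thread: it is written in Python with an in-memory SQLite table standing in for the SQL Server table, and it swaps the single MD5/SHA-1 pass mentioned in the thread for PBKDF2-HMAC-SHA256. The users table, the pwd and pwd_hash column names, the 16-byte salt and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash (PBKDF2-HMAC-SHA256), not one MD5/SHA-1 pass.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_sample_db() -> sqlite3.Connection:
    # Constructed sample data: a legacy table with a cleartext pwd column.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pwd TEXT)")
    db.executemany("INSERT INTO users (name, pwd) VALUES (?, ?)",
                   [("alice", "correct horse"), ("bob", "correct horse")])
    return db


def migrate(db: sqlite3.Connection) -> int:
    # Add the new columns, fill them row by row, and null out the cleartext.
    # The pwd column itself can be dropped once every row has been migrated.
    db.execute("ALTER TABLE users ADD COLUMN pwd_salt BLOB")
    db.execute("ALTER TABLE users ADD COLUMN pwd_hash BLOB")
    rows = db.execute("SELECT id, pwd FROM users WHERE pwd IS NOT NULL").fetchall()
    for user_id, pwd in rows:
        salt = secrets.token_bytes(16)  # per-user random salt from the OS CSPRNG
        db.execute("UPDATE users SET pwd_salt = ?, pwd_hash = ?, pwd = NULL WHERE id = ?",
                   (salt, hash_password(pwd, salt), user_id))
    db.commit()
    return len(rows)


def verify(db: sqlite3.Connection, name: str, attempt: str) -> bool:
    row = db.execute("SELECT pwd_salt, pwd_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None or row[0] is None:
        return False
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(attempt, row[0]), row[1])


if __name__ == "__main__":
    db = make_sample_db()
    print("migrated rows:", migrate(db))
    print("alice, right password:", verify(db, "alice", "correct horse"))
    print("alice, wrong password:", verify(db, "alice", "wrong"))
```

Clearing the column only removes the cleartext from the live table; existing backups and transaction logs still hold the old values and need their own handling.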

Solution 3

1. Write a quick console app to hash the passwords outside of SQL.
2. Yes, salt.

Solution 2

You can use SQL internal encryption functions
EncryptByPassPhrase
decryptbypassphrase
for encryption of a particular column.

OR

Play your own logic of text encryption.


Simple encrypting and decrypting data in C#

http://www.geekinterview.com/talk/1527-encrypt-password-in-c-net.html
Comments
Chris Maunder at 20-Sep-11 0:27am
   
Encrypting passwords is a bad idea. The poster was asking about hashing. Two very different beasts.
CodingLover at 20-Sep-11 0:31am
   
I agree with Chris.
kittydas at 20-Sep-11 3:13am
   
Agreed with Chris too. Hash functions are one-way functions. Encryption is two-way.

Solution 1

Storing passwords in plain text is a really bad idea. Don't ever do that.

You can convert the password into a hash at the code level and store it in the database as a character string. Are you working with C# or something else?
Comments
kittydas at 20-Sep-11 3:14am
   
C++
CodingLover at 20-Sep-11 3:58am
   
I used the following in most of the cases.

http://www.cplusplus.com/reference/std/locale/collate/hash/

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 20 Sep 2011
Copyright © CodeProject, 1999-2015