Click here to Skip to main content
13,251,760 members (81,334 online)
Rate this:
 
Please Sign up or sign in to vote.
See more:
declare @original nvarchar(128)  = '1'
declare @afterhash varbinary(128) = HASHBYTES('SHA2_512', '1')
 
select PWDCOMPARE(@original, @afterhash)
select @afterhash
 


What I have tried:

I have tried to change 1 to 0 and change 1 to @original.
Posted 9-Nov-17 6:37am
Updated 9-Nov-17 7:32am

1 solution

Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

It's returning 0 because PWDCOMPARE is hashing the clear text password you're passing in with an algorithm that is not SHA2_512.

You can see this yourself by doing this:
DECLARE @Original nvarchar(128) = '1';
 
DECLARE @Hashed varbinary(128) = HASHBYTES('SHA2_512', '1');
 
SELECT PWDENCRYPT(@Original) AS 'PWDENCRYPT Hash';
SELECT @Hashed AS 'SHA2_512 Hash';
 
SELECT PWDCOMPARE(@Original, @Hashed);


You should only use PWDCOMPARE with a column that was encrypted with PWDENCRYPT.

You should NOT being PWDENCRYPT anymore. Use HASHBYTES instead and compare against the column value yourself.
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy |
Web03 | 2.8.171114.1 | Last Updated 9 Nov 2017
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100