Please start any new threads on our new site at We've got lots of great SQL Server experts to answer whatever question you can come up with.

Our new SQL Server Forums are live! Come on over! We've restricted the ability to create new threads on these forums.

SQL Server Forums
Profile | Active Topics | Members | Search | Forum FAQ
Save Password
Forgot your Password?

 All Forums
 Site Related Forums
 Article Discussion
 Article: Pwdencrypt() Weakness
 Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Ask SQLTeam Question

0 Posts

Posted - 07/10/2002 :  15:33:23  Show Profile  Visit AskSQLTeam's Homepage  Reply with Quote
Uberbloke submitted From "The Register" The inner workings of the undocumented pwdencrypt() hash function in Microsoft SQL Server have been revealed in a paper by security researcher David Litchfield of Next Generation Security Software (NGSS). Sort of thing that we ought to know about, I suppose." Thanks! The article is really a scare piece. It's really only a problem if you're already a system administrator on SQL Server. The other issue is if you used pwdencrypt() to secure other data in SQL Server. Turns out it's not quite that secure.

Article Link.

Posting Yak Master

191 Posts

Posted - 07/23/2002 :  16:38:02  Show Profile  Reply with Quote
Has anyone tried the code to break the passwords?
I ran it for 72 hours on a test server and it had not cracked a password yet. I was just curious if any one had run it until it cracked a password.

"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety."
(Benjamin Franklin)

Go to Top of Page
  Previous Topic Topic Next Topic  
 Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2019 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.04 seconds. Powered By: Snitz Forums 2000