Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2002-07-10 : 15:33:23
|
| Uberbloke submitted From "The Register" The inner workings of the undocumented pwdencrypt() hash function in Microsoft SQL Server have been revealed in a paper by security researcher David Litchfield of Next Generation Security Software (NGSS). Sort of thing that we ought to know about, I suppose." Thanks! The article is really a scare piece. It's really only a problem if you're already a system administrator on SQL Server. The other issue is if you used pwdencrypt() to secure other data in SQL Server. Turns out it's not quite that secure. Article Link. |
|
|
JohnDeere
Posting Yak Master
191 Posts |
Posted - 2002-07-23 : 16:38:02
|
| Has anyone tried the code to break the passwords?I ran it for 72 hours on a test server and it had not cracked a password yet. I was just curious if any one had run it until it cracked a password.LHarra"They that can give up essential liberty to obtain a little temporary safetydeserve neither liberty nor safety."(Benjamin Franklin) |
 |
|
|
|
|
|
Article: Pwdencrypt() Weakness