| Author |
 Topic  |
|
sqllover
Posting Yak Master
India
204 Posts |
 Posted - 02/05/2007 : 04:21:56
|
hi,
in my login form i have the password field.so i am sending password to my database table but while sending password has to be encrypted and while returning it has to be decrypted,is it possible to do in database if means please show me some example please |
|
|
Kristen
Test
United Kingdom
22191 Posts |
Posted - 02/05/2007 : 04:31:54
|
pwdencrypt('Some Text Password) will provide a one-way encryption - so you can store that as the encrypted version of the password (e.g. at Registration), and then use the function at Login and compare the encrypted result with that stored from Registration.
pwdencrypt is undocumented (AFAIK)
Kristen |
 |
|
|
harsh_athalye
Flowing Fount of Yak Knowledge
India
5509 Posts |
|
|
sqllover
Posting Yak Master
India
204 Posts |
Posted - 02/05/2007 : 04:36:43
|
hi Kristen, how can i decrypt . is there any way to decrypt.
pwdencrypt is working for encryption.
how can i decrypt for cheacking the password |
|
|
|
Kristen
Test
United Kingdom
22191 Posts |
Posted - 02/05/2007 : 04:54:59
|
The idea is that you use a oneway encryption - therefore there is no possibility of anyone reverse engineering the passwords (although they could use a Dictionary Attack, and you will NOT be able to "Send the user an Email with their password")
So, you store the encrypted version of the password, and the original plain text password is never stored anywhere.
When the user logs in you Encrypt the password they provide, and then compare the encrypted version with what is stored in the database. If they match the user provided the correct password. No one can hack in to view the password.
If you want to store it encrypted AND be able to unencrypt it you need some sort of Public/Private key system. but the problem with that is the Decrypting key will be help either in your code, or in the Registry of the server, or similar, and you run the risk that a hacker will be able to find that.
Kristen |
|
|
|
sqllover
Posting Yak Master
India
204 Posts |
Posted - 02/05/2007 : 05:28:06
|
| hi Kristen thanks for ur kind reply |
|
|
|
sqllover
Posting Yak Master
India
204 Posts |
Posted - 02/05/2007 : 05:45:35
|
hi harsh_athalye,
u have tole me to use this link for encryption/decryption
please help to how to use this
for example i have password like "harsh_athalye"
how can i encrypt and decrypt please tell me how to do using that function which u have shown
http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=76258 |
|
|
|
harsh_athalye
Flowing Fount of Yak Knowledge
India
5509 Posts |
Posted - 02/05/2007 : 05:55:20
|
You need to use fnEncDecRc4() to do the encryption/decryption.
Let's say you have plaintext password 'harsh_athalye' and you want to encrypt it using a key lets say 'sqllover'. You can do it this way:
-- returns encrypted password
Select dbo.fnEncDecRc4('sqllover', 'harsh_athalye')
output (encrypted password):
---------------
e��N¨�6��u(
-- decrypt it using same key
select dbo.fnEncDecRc4('sqllover', 'e��N¨�6��u(')
output
-----------------
harsh_athalye
Harsh Athalye
India.
"The IMPOSSIBLE is often UNTRIED" |
|
|
|
sqllover
Posting Yak Master
India
204 Posts |
Posted - 02/05/2007 : 06:09:02
|
| hi harsh_athalye thanks a lot,fentastic |
|
|
|
helly69
Starting Member
1 Posts |
Posted - 10/31/2007 : 18:18:40
|
Hi
http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=76258
This is a nice function for en- nad decryption. But there is an error in it. If you have the character e on the secound position of the password, the function encrypts only the first character.
Regards,
Helly |
|
|
|
spirit1
Cybernetic Yak Master
Slovenia
11741 Posts |
|
|
arorarahul.0688
Posting Yak Master
India
125 Posts |
Posted - 11/01/2007 : 08:23:00
|
quote:
Originally posted by Kristen
pwdencrypt('Some Text Password) will provide a one-way encryption - so you can store that as the encrypted version of the password (e.g. at Registration), and then use the function at Login and compare the encrypted result with that stored from Registration.
pwdencrypt is undocumented (AFAIK)
Kristen
HI KRISTEN
I READ UR ARTICLE
AND TRIED THE PWDENCRYPT(12)
ITS WRKING WELL ENCRYPTING 12
BT WHEN SECOND TIME I AM USING THIS STATEMENT AT LOGIN TO COMPARE THE ENCRYPTED FORM OF INPUT I.E 12 TO STORED VALUES
SECOND TIME USED PEDENCRYPT FUNCTION PRODUCES A NEW ENCRYPTED VALUE AND
NOT MATCHING WITH THE STORED VALUE
PLZ HELP
REGARDS
Rahul Arora
MCA 07 Batch
NCCE Israna, Panipat
HRY, INDIA |
|
|
|
Kristen
Test
United Kingdom
22191 Posts |
Posted - 11/01/2007 : 10:08:05
|
Use pwdcompare to compare a plain text password against the store, encrypted, password.
Kristen |
|
|
|
SwePeso
Patron Saint of Lost Yaks
Sweden
29138 Posts |
Posted - 11/01/2007 : 12:31:58
|
quote:
Originally posted by helly69
But there is an error in it. If you have the character e on the secound position of the password, the function encrypts only the first character.
Tested and can't find the error.
SELECT dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yik', 'This is the secret message.'))) -- Fails
SELECT dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yek', 'This is the secret message.'))) -- Works
SELECT dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yak', 'This is the secret message.'))) -- Fails
E 12°55'05.25"
N 56°04'39.16" |
|
|
|
saini_balvinder
Starting Member
22 Posts |
Posted - 01/02/2008 : 21:27:47
|
got a issue with this one..im not sure why..
My results are as follows:
Select dbo.fnEncDecRc4('Orange12345', 'Hello123')
Output : ,M�gl
Select dbo.fnEncDecRc4('Orange12345', ',Mgl')
Output : �M
i am not able to decrypt it. Any idea why this is hapenning? Does it has to do something with regional settings?
|
|
|
|
saurabh122
Starting Member
16 Posts |
Posted - 01/11/2008 : 10:02:16
|
Hi arorarahul.0688,
I have used the same function to encrypt the password and later on comparing a string with the same. The query is as follows:
insert into adduser(username,temppassword) values('saurabh',pwdencrypt('p1'))
select pwdcompare('p1',temppassword) from adduser where id = 50
Hope this helps
|
|
|
|
artee
Starting Member
2 Posts |
Posted - 03/09/2009 : 00:38:31
|
Hi,
I have used this function to encrypt SSN numbers in a table that has 80000+ records. This worked great, though it took a long time to encrypt all the SSN fields.
I now have a web application that accesses these records and based on a search criteria it dispays the retrieved records after decrypting the SSN numbers on the web page. This works fine if the search criteria returns a small number of records. But if the query returns more than say 50 records it takes a while (around a minute) to display the webpage. I understand that it is taking time because it has to decrypt the SSN number for each record. I can't imagine how long it would take to decrypt and retrieve all the records from this table
Is there any other way to speed up this query that decrypts the SSN numbers?
I would really appreciate any pointers.
Thanks
- Artee
|
|
|
|
SwePeso
Patron Saint of Lost Yaks
Sweden
29138 Posts |
Posted - 03/09/2009 : 07:12:11
|
If you are using SQL Server 2005, there are other built-in encryption and decryption functions which are faster.
E 12°55'05.63"
N 56°04'39.26" |
|
|
|
artee
Starting Member
2 Posts |
Posted - 03/09/2009 : 08:51:14
|
No, we are still using SQL 2000, but planning to upgrade to 2005 after a few months. In the meantime, how do I get it to run faster.
- Artee |
|
|
|
karan01baha
Starting Member
India
1 Posts |
Posted - 07/17/2010 : 10:26:07
|
Hi ,
i have an encrypted password i.e 2e93ddd589b791811389f7bf60d52ea0
please decrypt this for me .. thats ma own password which was hacked by sum1 else .. so planning to change ma password .. m tensed help me
karan |
|
|
|
SwePeso
Patron Saint of Lost Yaks
Sweden
29138 Posts |
Posted - 07/17/2010 : 10:51:25
|
If you are going to change your password, just do it with the user interface.
None of us here will help you break an application.
N 56°04'39.26"
E 12°55'05.63" |
|
|
|
Topic |
|
how to encrypt and decrypt my password
