SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 how to encrypt and decrypt my password
 New Topic  Reply to Topic
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

sqllover
Constraint Violating Yak Guru

India
303 Posts

Posted - 02/05/2007 :  04:21:56  Show Profile  Reply with Quote
hi,
in my login form i have the password field.so i am sending password to my database table but while sending password has to be encrypted and while returning it has to be decrypted,is it possible to do in database if means please show me some example please

Kristen
Test

United Kingdom
22403 Posts

Posted - 02/05/2007 :  04:31:54  Show Profile  Reply with Quote
pwdencrypt('Some Text Password) will provide a one-way encryption - so you can store that as the encrypted version of the password (e.g. at Registration), and then use the function at Login and compare the encrypted result with that stored from Registration.

pwdencrypt is undocumented (AFAIK)

Kristen
Go to Top of Page

harsh_athalye
Flowing Fount of Yak Knowledge

India
5509 Posts

Posted - 02/05/2007 :  04:34:07  Show Profile  Visit harsh_athalye's Homepage  Click to see harsh_athalye's MSN Messenger address  Send harsh_athalye a Yahoo! Message  Reply with Quote
Peter has taken great pains to bless us with a wonderful implementation of RC4 encryption algorithm. See if you can use it:

http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=76258

Harsh Athalye
India.
"The IMPOSSIBLE is often UNTRIED"
Go to Top of Page

sqllover
Constraint Violating Yak Guru

India
303 Posts

Posted - 02/05/2007 :  04:36:43  Show Profile  Reply with Quote
hi Kristen, how can i decrypt . is there any way to decrypt.

pwdencrypt is working for encryption.
how can i decrypt for cheacking the password
Go to Top of Page

Kristen
Test

United Kingdom
22403 Posts

Posted - 02/05/2007 :  04:54:59  Show Profile  Reply with Quote
The idea is that you use a oneway encryption - therefore there is no possibility of anyone reverse engineering the passwords (although they could use a Dictionary Attack, and you will NOT be able to "Send the user an Email with their password")

So, you store the encrypted version of the password, and the original plain text password is never stored anywhere.

When the user logs in you Encrypt the password they provide, and then compare the encrypted version with what is stored in the database. If they match the user provided the correct password. No one can hack in to view the password.

If you want to store it encrypted AND be able to unencrypt it you need some sort of Public/Private key system. but the problem with that is the Decrypting key will be help either in your code, or in the Registry of the server, or similar, and you run the risk that a hacker will be able to find that.

Kristen
Go to Top of Page

sqllover
Constraint Violating Yak Guru

India
303 Posts

Posted - 02/05/2007 :  05:28:06  Show Profile  Reply with Quote
hi Kristen thanks for ur kind reply
Go to Top of Page

sqllover
Constraint Violating Yak Guru

India
303 Posts

Posted - 02/05/2007 :  05:45:35  Show Profile  Reply with Quote
hi harsh_athalye,
u have tole me to use this link for encryption/decryption
please help to how to use this
for example i have password like "harsh_athalye"

how can i encrypt and decrypt please tell me how to do using that function which u have shown


http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=76258
Go to Top of Page

harsh_athalye
Flowing Fount of Yak Knowledge

India
5509 Posts

Posted - 02/05/2007 :  05:55:20  Show Profile  Visit harsh_athalye's Homepage  Click to see harsh_athalye's MSN Messenger address  Send harsh_athalye a Yahoo! Message  Reply with Quote
You need to use fnEncDecRc4() to do the encryption/decryption.

Let's say you have plaintext password 'harsh_athalye' and you want to encrypt it using a key lets say 'sqllover'. You can do it this way:

-- returns encrypted password
Select dbo.fnEncDecRc4('sqllover', 'harsh_athalye')

output (encrypted password):
---------------
eN¨6u(

-- decrypt it using same key
select dbo.fnEncDecRc4('sqllover', 'eN¨6u(')

output
-----------------
harsh_athalye




Harsh Athalye
India.
"The IMPOSSIBLE is often UNTRIED"
Go to Top of Page

sqllover
Constraint Violating Yak Guru

India
303 Posts

Posted - 02/05/2007 :  06:09:02  Show Profile  Reply with Quote
hi harsh_athalye thanks a lot,fentastic
Go to Top of Page

helly69
Starting Member

1 Posts

Posted - 10/31/2007 :  18:18:40  Show Profile  Reply with Quote
Hi

http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=76258
This is a nice function for en- nad decryption. But there is an error in it. If you have the character e on the secound position of the password, the function encrypts only the first character.

Regards,
Helly
Go to Top of Page

spirit1
Cybernetic Yak Master

Slovenia
11749 Posts

Posted - 10/31/2007 :  19:22:13  Show Profile  Visit spirit1's Homepage  Reply with Quote
not to mention that passwords should be hashed and not encrypted...

_______________________________________________
Causing trouble since 1980
blog: http://weblogs.sqlteam.com/mladenp
SSMS Add-in that does a few things: www.ssmstoolspack.com
Go to Top of Page

arorarahul.0688
Posting Yak Master

India
125 Posts

Posted - 11/01/2007 :  08:23:00  Show Profile  Reply with Quote
quote:
Originally posted by Kristen

pwdencrypt('Some Text Password) will provide a one-way encryption - so you can store that as the encrypted version of the password (e.g. at Registration), and then use the function at Login and compare the encrypted result with that stored from Registration.

pwdencrypt is undocumented (AFAIK)

Kristen



HI KRISTEN
I READ UR ARTICLE
AND TRIED THE PWDENCRYPT(12)
ITS WRKING WELL ENCRYPTING 12
BT WHEN SECOND TIME I AM USING THIS STATEMENT AT LOGIN TO COMPARE THE ENCRYPTED FORM OF INPUT I.E 12 TO STORED VALUES
SECOND TIME USED PEDENCRYPT FUNCTION PRODUCES A NEW ENCRYPTED VALUE AND
NOT MATCHING WITH THE STORED VALUE
PLZ HELP
REGARDS

Rahul Arora
MCA 07 Batch
NCCE Israna, Panipat
HRY, INDIA
Go to Top of Page

Kristen
Test

United Kingdom
22403 Posts

Posted - 11/01/2007 :  10:08:05  Show Profile  Reply with Quote
Use pwdcompare to compare a plain text password against the store, encrypted, password.

Kristen
Go to Top of Page

SwePeso
Patron Saint of Lost Yaks

Sweden
29910 Posts

Posted - 11/01/2007 :  12:31:58  Show Profile  Visit SwePeso's Homepage  Reply with Quote
quote:
Originally posted by helly69

But there is an error in it. If you have the character e on the secound position of the password, the function encrypts only the first character.
Tested and can't find the error.

SELECT	dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yik', 'This is the secret message.')))	-- Fails
SELECT	dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yek', 'This is the secret message.')))	-- Works
SELECT	dbo.fnEncDecRc4('Yek', (SELECT dbo.fnEncDecRc4('Yak', 'This is the secret message.')))	-- Fails



E 12°55'05.25"
N 56°04'39.16"
Go to Top of Page

saini_balvinder
Starting Member

22 Posts

Posted - 01/02/2008 :  21:27:47  Show Profile  Reply with Quote
got a issue with this one..im not sure why..

My results are as follows:

Select dbo.fnEncDecRc4('Orange12345', 'Hello123')
Output : ,Mgl
Select dbo.fnEncDecRc4('Orange12345', ',Mgl')
Output : M

i am not able to decrypt it. Any idea why this is hapenning? Does it has to do something with regional settings?
Go to Top of Page

saurabh122
Starting Member

16 Posts

Posted - 01/11/2008 :  10:02:16  Show Profile  Reply with Quote
Hi arorarahul.0688,

I have used the same function to encrypt the password and later on comparing a string with the same. The query is as follows:

insert into adduser(username,temppassword) values('saurabh',pwdencrypt('p1'))
select pwdcompare('p1',temppassword) from adduser where id = 50

Hope this helps


Go to Top of Page

artee
Starting Member

2 Posts

Posted - 03/09/2009 :  00:38:31  Show Profile  Reply with Quote
Hi,
I have used this function to encrypt SSN numbers in a table that has 80000+ records. This worked great, though it took a long time to encrypt all the SSN fields.

I now have a web application that accesses these records and based on a search criteria it dispays the retrieved records after decrypting the SSN numbers on the web page. This works fine if the search criteria returns a small number of records. But if the query returns more than say 50 records it takes a while (around a minute) to display the webpage. I understand that it is taking time because it has to decrypt the SSN number for each record. I can't imagine how long it would take to decrypt and retrieve all the records from this table

Is there any other way to speed up this query that decrypts the SSN numbers?
I would really appreciate any pointers.
Thanks
- Artee
Go to Top of Page

SwePeso
Patron Saint of Lost Yaks

Sweden
29910 Posts

Posted - 03/09/2009 :  07:12:11  Show Profile  Visit SwePeso's Homepage  Reply with Quote
If you are using SQL Server 2005, there are other built-in encryption and decryption functions which are faster.



E 12°55'05.63"
N 56°04'39.26"
Go to Top of Page

artee
Starting Member

2 Posts

Posted - 03/09/2009 :  08:51:14  Show Profile  Reply with Quote
No, we are still using SQL 2000, but planning to upgrade to 2005 after a few months. In the meantime, how do I get it to run faster.
- Artee
Go to Top of Page

karan01baha
Starting Member

India
1 Posts

Posted - 07/17/2010 :  10:26:07  Show Profile  Reply with Quote
Hi ,
i have an encrypted password i.e 2e93ddd589b791811389f7bf60d52ea0
please decrypt this for me .. thats ma own password which was hacked by sum1 else .. so planning to change ma password .. m tensed help me

karan
Go to Top of Page

SwePeso
Patron Saint of Lost Yaks

Sweden
29910 Posts

Posted - 07/17/2010 :  10:51:25  Show Profile  Visit SwePeso's Homepage  Reply with Quote
If you are going to change your password, just do it with the user interface.
None of us here will help you break an application.



N 56°04'39.26"
E 12°55'05.63"
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.19 seconds. Powered By: Snitz Forums 2000