SQLTeam.com Logo

Return to Pwdencrypt() Weakness

Pwdencrypt() Weakness

Written by Bill Graziano on 10 July 2002

Uberbloke submitted From "The Register" The inner workings of the undocumented pwdencrypt() hash function in Microsoft SQL Server have been revealed in a paper by security researcher David Litchfield of Next Generation Security Software (NGSS). Sort of thing that we ought to know about, I suppose. Thanks! The article is really a scare piece. It's really only a problem if you're already a system administrator on SQL Server. The other issue is if you used pwdencrypt() to secure other data in SQL Server. Turns out it's not quite that secure.