Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to use the pwdencrypt() function to encrypt password

378 views
Skip to first unread message

Loic LE BLEIS

unread,
Jan 3, 2002, 12:15:39 PM1/3/02
to
Hello,

I'm using a SQLServer2K to store a "User" database for my intranet site
containing "Login" and "Password" fields.
I wish to encrypt the Password field not to leave them clear in the DB, so
I use the pwdencrypt function.
The problem is that when I use it again to compare the encrypted pass to the
one the user entered for authentification I never found equality beetwen the
one crypted and stored in my db and the one the user typed that I encrypt
too.

Can anyone help about that please?

Regards,

Loic


Hirantha Hettiarachchi

unread,
Jan 3, 2002, 12:30:11 PM1/3/02
to
Loic,
you have to use pwdcompare, another undocumented function call, to compare
the clear text and encrypted versions.
but use of these undocumented functions are not advisable as they are for MS
internal use and their function is likely to change/break in future

--
hth
Hirantha S Hettiarachchi MCSD,MCDBA
----------------------------------------------------------------------------
--------
Please reply only to the newsgroups.
When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.) which
can be cut and pasted into Query Analyzer is appreciated.

"Loic LE BLEIS" <loic.l...@polygones.com> wrote in message
news:e00e#qHlBHA.2560@tkmsftngp02...

Dinesh T K

unread,
Jan 3, 2002, 12:39:01 PM1/3/02
to
Loic,

PWDENCRYPT is a undocumented function..and so is PWDCOMPARE.

If you are willing to accept the risks associated with a undocumented
call...heres the syntax and usage of each.

PWDENCRYPT(pwd)
pwd- the password to encrypt.

PWDCOMPARE(pwd,pwdencrypt,oldenc)
pwd- the password to compare
pwdencrypt- the encrypted password to use
oldenc- 1 or 0 indicating wheter old-style encryption was used to encrypt
pwd (default 0)

Sample:
======
SELECT PWDENCRYPT('YourPassword') AS EncryptedPassword,
PWDCOMPARE('YourPassword', PWDENCRYPT('YourPassword')) AS EncryptedCompare


Else

There is a good article on this at http://www.sqlserverfaq.com/ just search
for encrypt.txt

On the other hand though, I assume, since you are doing this from ASP there
is another
way.

You can go to http://www.serverobjects.com/products.htm#free and take a look
at ASP Crypt which will duplicate the UNIX 1 way crypt() function. AFAIK
its a
free download.


Dinesh.

"Loic LE BLEIS" <loic.l...@polygones.com> wrote in message
news:e00e#qHlBHA.2560@tkmsftngp02...

Umachandar Jayachandran

unread,
Jan 3, 2002, 2:14:01 PM1/3/02
to
Encrypt the password on the client-side using CryptoAPI & store it in
the database. Don't use undocumented methods because the behavior can be
changed anytime & this has happened between releases always.

--
Umachandar Jayachandran
SQL Resources at http://www.umachandar.com/resources.htm
( Please reply only to newsgroup. )


0 new messages