Re: Symettric key

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "John Bell" <jbellnewsposts@xxxxxxxxxxx>
Date: Sat, 26 Sep 2009 11:15:57 +0100

"Manny" <Manny@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:396BD4A7-789E-4BBD-9DC2-2C030A6AE1F7@xxxxxxxxxxxxxxxx

Hey Guys, I followed the article in

http://msdn.microsoft.com/en-us/library/ms189440(SQL.90).aspx

to encrypt the Users Password.

In my app, I have a view which authenticates the User. What can I set the
new query in order to authenticate the user properly i.e Encrypt the password
entered by user on a form within view or do I have to use Stored Procedure
only?

Thanks

Manny

Hi Manny

You should look at storing a hash of the password and then comparing thye hash of what has been entered against the hash value stored.

I would call a procedure to do this compare.

John

.

References:
- Symettric key
  - From: Manny

Prev by Date: RE: Problem Executing a Stored Proc within a cursor
Next by Date: Re: sql data access
Previous by thread: Symettric key
Next by thread: Emtpy Guid.Why?
Index(es):
- Date
- Thread

Relevant Pages

RE: Can Kerberos be cracked??
... Subject: Can Kerberos be cracked?? ... If you were able to decrypt the timestamp ... As for your assumption about the hash being as good as the password, ... > encrypt the timestamp) still be susceptible to brute-force> using dictionary ...
(Focus-Microsoft)
RE: Can Kerberos be cracked??
... If you were able to decrypt the timestamp ... As for your assumption about the hash being as good as the password, ... > encrypt the timestamp) still be susceptible to brute-force> using dictionary ... The server doesn't actually know what the user's>>password is, ...
(Focus-Microsoft)
Re: Can Kerberos be cracked??
... encrypt the timestamp) still be susceptible to brute-force using dictionary ... Secondly, even without the actual password known, wouldn't juz the hash (let ... The server doesn't actually know what the user's ...
(Focus-Microsoft)
Re: Can Kerberos be cracked??
... > against the encrypted timestamp. ... > As for your assumption about the hash being as good as the password, ... >> encrypt the timestamp) still be susceptible to brute-force ... The server doesn't actually know what the user's ...
(Focus-Microsoft)
Re: Pardon the intrusion from a newbie
... Take the message to be encrypted and derive a pseudo-unique hash value ... the PRNG used to generate the "one time pad". ... Encrypt the message. ...
(sci.crypt)