If you are interested in MSSQL user information, you may find the Master. DBO. sysxlogins stores user passwords. However, if the password field is not null, It is a bunch of binary files that cannot be understood. How is this password encrypted?
In fact, you only need to take a closer look at Master. DBO. sp_addlogin. You can see all the MSSQL Sp. Code Yes.
Let's take a look at how it works. Pay attention to this line of select @ passwd = pwdencrypt (@ passwd). After this, @ passwd will be encrypted. Let's also try it.
Declare @ clearpwd varchar (255)
Declare @ encryptedpwd varbinary (255)
Select @ clearpwd = 'test'
Select @ encryptedpwd = convert (varbinary (255), pwdencrypt (@ clearpwd ))
Select @ encryptedpwd
It looks good. It is indeed encrypted, but how can I restore it?
well, that's all. Password Encryption is one-way. You can use encrypted passwords to compare them.
continue to check the SP related to other users. You can find that there is password comparison in master. DBO. sp_password.
pwdcompare (@ old, password, (case when xstatus & 2048 = 2048 then 1 else 0 end)
ignore xstatus, which is a status mask, generally, we can use 0 directly.
declare @ clearpwd varchar (255)
declare @ encryptedpwd varbinary (255)
select @ clearpwd = 'test'
select @ encryptedpwd = convert (varbinary (255), pwdencrypt (@ clearpwd)
select pwdcompare (@ clearpwd, @ encryptedpwd, 0)
select pwdcompare ('errorpassword', @ encryptedp WD, 0)
so that we can use these two functions to encrypt our passwords. How about that?