Unpublished SQL server password encryption function
Source: Internet
Author: User
If you are interested in MSSQL user information, you may find the Master. DBO. sysxlogins stores user passwords. However, if the password field is not null, It is a bunch of binary files that cannot be understood. How is this password encrypted?
In fact, you only need to take a closer look at Master. DBO. sp_addlogin. You can see all the MSSQL Sp. Code Yes.
Let's take a look at how it works. Pay attention to this line of select @ passwd = pwdencrypt (@ passwd). After this, @ passwd will be encrypted. Let's also try it.
Declare @ clearpwd varchar (255)
Declare @ encryptedpwd varbinary (255)
Select @ clearpwd = 'test'
Select @ encryptedpwd = convert (varbinary (255), pwdencrypt (@ clearpwd ))
Select @ encryptedpwd
It looks good. It is indeed encrypted, but how can I restore it?
Password Encryption is one-way. You can use encrypted passwords to compare them.
Continue to look at the SP related to other users. You can find that the master. DBO. sp_password contains the password comparison content.
Pwdcompare (@ old, password, (case when xstatus & 2048 = 2048 then 1 else 0 end ))
Ignore xstatus. This is a status mask. Generally, we can use 0 directly.
Declare @ clearpwd varchar (255)
Declare @ encryptedpwd varbinary (255)
Select @ clearpwd = 'test'
Select @ encryptedpwd = convert (varbinary (255), pwdencrypt (@ clearpwd ))
Select pwdcompare (@ clearpwd, @ encryptedpwd, 0)
Select pwdcompare ('errorpassword', @ encryptedpwd, 0)
In this way, we can use these two functions to encrypt our passwords.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.