how to encrypt the password column

温柔的废话 2021-01-12 08:16

I have a user table in SQL Server 2008 R2. Nothing there is encrypted yet, but I would like to at least encrypt the passwords until the app is ready that will handle this b

6 answers
  •  广开言路
    2021-01-12 08:24

    Note: password hashing is not meant for 2-way encryption (where a rogue DBA can decrypt it). It is meant for hashing it in a way that allows validation without trivially showing the password to anyone. A low or even moderate level of collisions is in some ways desirable so that it allows the password through (and unfortunately other variants), but with collisions you can never tell what the real password actually was.


    A simple implementation would be to run HashBytes over the password. You compare the (hash of) password provided to the hash stored. Unless someone has a rainbow table ready, they will not be able to find the original password.

    INSERT INTO <table> (..., passwd) VALUES (..., HashBytes('SHA1', @password))
    

    When validating passwords, you take the hash of the password

    SELECT HashBytes('SHA1', @password);
    

    And compare it against the input.
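
The hash-and-compare flow from the answer above, as an added T-SQL example that is not part of the original answer, extended with a per-user random salt so that a precomputed rainbow table is of no use. The table, column and procedure names are hypothetical, and the sample user is constructed.

```sql
-- Added example. dbo.AppUser, dbo.SetPassword and dbo.CheckPassword are hypothetical names.
CREATE TABLE dbo.AppUser (
    UserName NVARCHAR(64)  NOT NULL PRIMARY KEY,
    PwdSalt  VARBINARY(16) NOT NULL,  -- random, different for every user
    PwdHash  VARBINARY(20) NOT NULL   -- SHA1 output is 20 bytes
);
GO

CREATE PROCEDURE dbo.SetPassword
    @UserName NVARCHAR(64),
    @Password NVARCHAR(128)
AS
BEGIN
    SET NOCOUNT ON;
    -- A fresh salt on every password change; CRYPT_GEN_RANDOM is a CSPRNG.
    DECLARE @Salt VARBINARY(16) = CRYPT_GEN_RANDOM(16);
    DECLARE @Hash VARBINARY(20) =
        HASHBYTES('SHA1', @Salt + CAST(@Password AS VARBINARY(256)));

    UPDATE dbo.AppUser SET PwdSalt = @Salt, PwdHash = @Hash
    WHERE UserName = @UserName;
    IF @@ROWCOUNT = 0
        INSERT INTO dbo.AppUser (UserName, PwdSalt, PwdHash)
        VALUES (@UserName, @Salt, @Hash);
END
GO

CREATE PROCEDURE dbo.CheckPassword
    @UserName NVARCHAR(64),
    @Password NVARCHAR(128),
    @IsValid  BIT OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SET @IsValid = 0;
    -- Re-hash the candidate with the stored salt; the plaintext is never stored.
    SELECT @IsValid = 1
    FROM dbo.AppUser
    WHERE UserName = @UserName
      AND PwdHash = HASHBYTES('SHA1', PwdSalt + CAST(@Password AS VARBINARY(256)));
END
GO

-- Constructed sample data: set a password, then check a right and a wrong candidate.
EXEC dbo.SetPassword N'alice', N'correct horse';
DECLARE @ok BIT;
EXEC dbo.CheckPassword N'alice', N'correct horse', @ok OUTPUT;
SELECT @ok AS MatchesStored;
EXEC dbo.CheckPassword N'alice', N'wrong guess', @ok OUTPUT;
SELECT @ok AS MatchesStored;
```

SHA1 is kept because it is the algorithm in the answer and SQL Server 2008 R2's HASHBYTES has no SHA-2 option. A single fast hash is still open to offline guessing if the table leaks, so a slow password hash such as PBKDF2 or bcrypt in the application is the usual longer-term choice.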
