Results 1 to 9 of 9
  1. #1
    Join Date
    Sep 2003
    Location
    KY
    Posts
    146

    Unanswered: Is there a way to read password

    Is there any way for the SA to read passwords (not the Binary but actual text)
    ?

    Thanks

  2. #2
    Join Date
    Oct 2003
    Posts
    12

    Cracking SQL 2000 passwords

    Just found this one today.

    http://www.nextgenss.com/products/sqlcrack.htm


    Hope this helps...

  3. #3
    Join Date
    Oct 2003
    Location
    Pune
    Posts
    59
    I don't think it is possible!!!!!!!!
    Cyrus
    Finding ways for solution

  4. #4
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    Dictionary and brute force attacks are possible against any password system, but are of course they are not always succesful. If you are talking about decrypting the password, that is another matter.

    Microsoft SQL Server's built-in encryption algorythm for stored procedures is very weak and was cracked some time ago. The instructions for decrypting these objects is available on the web. I do not know if it is the same algorythm used to encrypt passwords, but I imagine that it is not. Passwords only require a one-way encryption scheme, which is easy to make virtually crack-proof, while code such as stored procedures requires a two-way encryption method so that they can be unencrypted when necessary.

    blindman

  5. #5
    Join Date
    Sep 2003
    Location
    KY
    Posts
    146

    So

    Now my question is : Can an application send an Encripted password to SQL Server ?

    Please respond earliest possible ..

    Thanks !!

  6. #6
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Provided Answers: 1
    No, you can't log in using the encrypted password. You have to submit the unencrypted password which SQL Server then encrypts using its own algorythm and compare to the encrypted password it has stored for the user.

    What are you trying to do?

    blindman

  7. #7
    Join Date
    Oct 2003
    Location
    Pune
    Posts
    59

    Re: So

    Originally posted by aashu
    Now my question is : Can an application send an Encripted password to SQL Server ?

    Please respond earliest possible ..

    Thanks !!
    What is ur need ?
    Can u explain that?
    Cyrus
    Finding ways for solution

  8. #8
    Join Date
    Sep 2003
    Location
    KY
    Posts
    146

    Nothing specific

    My Boss is comparing DB2 and SQl Security . Db2 has an INI file which stores the passwords in it . However SQl Accepts passwords as regular character field and I was wondering if SQL can accept the pre- Encyped form of password . Seems like it has to be decrypted before being passed to SQL

    Thnak for the Help friends

    Aashu

  9. #9
    Join Date
    Sep 2003
    Posts
    522
    well, of course you can pass an encrypted string to sql. what you'll have to do is to create the password on sql box out of this encrypted string. in fact, this is a very cool idea, because without knowing the actual encryption algorythm that is part of your app, it would be even more challenging to guess the password using all known hacking technics. of course, nothing is impossible, but probably will not be worth the hackers' time.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •