Post reply

how to get text from hashed text value by sql server 2017 ?

  • May 9, 2022 at 11:09 am

    #4029401

    How to extract data from hashbyte text after hash or encrypted on SQL

    how to extract data from hashbyte text after hash or encrypted on sql server 2017 ?

    I work on sql server 2017 i have field nvarchar(max) store values hashbytes

    suppose i have text as username:sayed password:321

    and i hash it by using hashbyte

    so after hashing by using hashbyte

    i need to extract data from it

    meaning i need to get data of user as

    username:sayed password:321

    so how to extract data from field hashed by using hashbyte sql server 2017

    meaning

    How to get data password:321

    i hash my text as below

    select HASHBYTES('SHA2_512','username:sayed password:321')

    how to get text

     

    username:sayed password:321

    from hashed below

    0x11AF8281C1FB70097586CDCA6A9B2CA35BCC464CCD4F57D3C1D347371EB8433015080669AE93141D8A170822BB803CC36015841ED3BA853D322201C4A25F9E8D

     

     

  • May 9, 2022 at 12:26 pm

    #4029428

    Hashing is a one-way process ... you can't get back to the original value if you know only its hashed value.

    The absence of evidence is not evidence of absence.
    Martin Rees

    You can lead a horse to water, but a pencil must be lead.
    Stan Laurel

  • May 9, 2022 at 1:31 pm

    #4029471

    If you are trying to, perhaps compare the hashed value to the user input, what you should be doing is rehashing the value (in the application) and then comparing it to the hashed value; if the hashed values are the same, then you know that the input values were the same too.

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk

  • May 9, 2022 at 1:33 pm

    #4029472

    Also, an nvarchar(max) is the wrong choice of data type. HASHBYTES returns a varbinary with a length of up to 8000.

    Thom~

    Excuse my typos and sometimes awful grammar. My fingers work faster than my brain does.
    Larnu.uk

  • May 9, 2022 at 5:32 pm

    #4029601

    When trying to use hashed passwords, you don't unhash what you have stored.  As others said, hashing is basically a one-way-trip and that's a good thing.

    When the user creates their password, it MUST be hashed using one of the better logarithms for hashing to help it survive brute force attackas and "Rainbow Table" attacks.  When they user wants to login again, they provide their password like they did the first time.  That password gets hashed and then you compare the hashes.

    Of course, I'm not including all the other stuff like a proper "salt", etc, etc.  I'll remind folks that most people that try to come up with their own security have the risk of becoming unemployable in a rapid fashion. 😀

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply