SQL 2008 SSIS hashbytes add salt

  • I have been tasked with migrating a set of data to a new system. The data will be exported from a SQL2008 db and uploaded to a ftp location in a flat file format. One column in the file will be a users password and the requirement is in two stages the first is to hash the password field and this is where there is a problem. I have drawn the companys attention to the fact that there is plenty of sites that have online decrypting of hashed text, they have responded suggesting that we add 'salt' to the process. I have looked on the net but the only solutions I have found have involved programming solutions and adding a executable object to the server.

    Is there a solution that is totally codable within SSIS (including the script task).

    Your help would really be appreciated.

  • You can do this fully within SSIS with a script task. I would suggest an encryption like AES-256 to encrypt the password, you could store the PW in the script (not very secure) or somewhere else and read it. once encrypted you could output it as a base64 string that would go very nicely into a file.

    I believe there are lots of samples on the net for taking a string and encrypting it in VB.NET..

    How much data are we talking about? How many rows?

    CEWII

  • You know that 'oh god why dont i keep my big mouth shut feeling' well I have just experienced that. First of all the dba is saying the whole file needs to be encrypted and we have xp_crypt the snag is other parties who are involved in the project dont, the senior people involved dont seem to want to make a decision so its left to me. Anyway I have used the hashbytes function with a salt and downloaded a Base64 function which seems to do the trick.

    Job done

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply