Post reply

SQL user password hash algorithm and salt value

  • September 22, 2014 at 12:59 pm

    #293517

    Hi All.. How to find hash algorithm and salt value for sql logins in sql server 2005.

  • September 22, 2014 at 1:14 pm

    #1747220

    The algorithm used for SQL logins isn't documented.

    Why do you need it?

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • September 22, 2014 at 1:45 pm

    #1747227

    This isn't disclosed as it would be a security issue for the platform if someone were to be able to duplicate this.

  • September 22, 2014 at 2:08 pm

    #1747237

    Is it SHA1 hashed algorithm used by default for sql user password, in sql 2005?

  • September 22, 2014 at 3:07 pm

    #1747245

    GilaMonster (9/22/2014)

    The algorithm used for SQL logins isn't documented.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • September 23, 2014 at 5:09 am

    #1747364

    http://sqlity.net/en/2460/sql-password-hash/

    This article says sha1 from sql2000 and sha_512 from sql 2012.

  • September 23, 2014 at 8:50 am

    #1747513

    SQL!$@w$0ME (9/23/2014)

    http://sqlity.net/en/2460/sql-password-hash/

    This article says sha1 from sql2000 and sha_512 from sql 2012.

    That may be true. It hasn't been documented AFAIK or disclosed by MS, but perhaps it is SHA2_512. That would have been the current recommended hash algorithm when 2012 was being developed. Today I'd say SHA3 is better suited.

  • April 30, 2015 at 10:29 am

    #1794783

    On SQL 2005, 2008, 2008R2 the password is hashed using SHA-1 hashing algorithm with salt. The result is a varbinary string with 0x0100 in the first two bytes. The salt is stored in the next 4 bytes. The hash value is stored in the remainder of the varbinary string.

    On SQL 2012 and above the password is hashed using SHA-512 hashing algorithm with salt. The result is a varbinary string with 0x0200 in the first two bytes. The salt is stored in the next 4 bytes. The hash value is stored in the remainder of the varbinary string.

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply

Cookies on SQLServerCentral

This website stores cookies on your computer.

These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.

To find out more about the cookies we use, see our Privacy Policy