Re: Binary_Checksum - How secure is it?
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Tue, 6 Feb 2007 23:16:19 +0000 (UTC)

Karthik (Karthik@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:

In one of my client's databases some confidential information is stored
in an encrypted format and a different column has the original value in
a Binary_Checksum format.
For example, if 'abc' is a password, it's first encrypted and put in
Column1. But a Binary_Checksum of 'abc' is stored in Column2 for
comparison purposes.
I am just wondering whether this is secure. Can't the Binary_Checksum
value (26435) be reversed to get the original 'abc'?

I believe the checksum algorithm is not very sophisticated at all; it only
performs some XOR operations. Then again, it's a destroying
transformation. There are many strings that get the same checksum. So
it's not completely trivial to guess the original text. Unless, of
course, you already have an idea of what it could be.
So it's certainly not as secure as a real encrypted value.

--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
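
Added example, not part of the thread and not SQL Server's own code: it shows why a short XOR-style checksum in Column2 is a poor comparison value (a different string produces the same number) and what a salted, slow hash stored in its place looks like. Assumptions: `model_checksum` is a simplified rotate-and-XOR model that happens to reproduce the 26435 quoted above for 'abc' and is not a documented description of BINARY_CHECKSUM; PBKDF2-HMAC-SHA256 is one common choice of password hash, and all function names are hypothetical.

```python
import hashlib
import hmac
import os
from itertools import product
from string import ascii_lowercase


def model_checksum(text):
    """Assumed rotate-left-4-then-XOR model; not SQL Server's actual code."""
    h = 0
    for byte in text.encode("latin-1"):
        h = ((h << 4) | (h >> 28)) & 0xFFFFFFFF  # 32-bit rotate left by 4
        h ^= byte
    return h


def colliding_inputs(target):
    """Other lowercase strings of the same length with the same model checksum."""
    want = model_checksum(target)
    candidates = ("".join(p) for p in product(ascii_lowercase, repeat=len(target)))
    return [s for s in candidates if s != target and model_checksum(s) == want]


def make_verifier(secret, iterations=200_000):
    """Per-row random salt plus PBKDF2-HMAC-SHA256 digest to store for comparison."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify(secret, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print(model_checksum("abc"))          # value quoted in the post
    print(colliding_inputs("abc"))        # inputs a checksum comparison would also accept
    record = make_verifier("abc")
    print(verify("abc", record), verify("acs", record))
```

Because the salt is random per row, two rows holding the same secret store different digests, so the comparison column no longer reveals which rows share a value.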