Re: Binary_Checksum - How secure is it?

---

• From: Karthik <Karthik@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 7 Feb 2007 06:58:01 -0800

---

Hi Mike, Erland, Ray and Anthony,

Thank you for all the valuable input. I will present these facts to my
client. Hopefully he will agree for a proper hash rather than
binary_checksum()

Thank you!

Regards,
Karthik

"Mike C#" wrote:

Hi Karthik,

The hashes generated are only 32 bits long, which is tiny. BOL states that
the probability of a collision is higher than that of the MD5 one-way hash
function, which itself is considered insecure at this point. This means a
hacker has a much greater chance of guessing the password with brute force
or dictionary attacks. Consider the following sample run in SQL 2005:

SELECT BINARY_CHECKSUM('AAAAAAAAAAAAAAAAA')
SELECT BINARY_CHECKSUM('A')

The first thing to notice is the simplicity of the algorithm.
BINARY_CHECKSUM('A') returns 65, which is the ASCII code for.. what else?
'A'. Both of the SELECT statements above produce the same result. Someone
trying to hack this particular system where you use BINARY_CHECKSUM to hash
the password will have a pretty easy time of getting some generated string
to match that hash. I would switch to another hash algorithm like SHA or
something.

"Karthik" <Karthik@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0AC981BD-2919-496D-9572-D7F5EA38F3A8@xxxxxxxxxxxxxxxx

Hi,

In one of my client's database some confidential information is stored in
an
encrypted format and a different column has the original value in a
Binary_Checksum format.

For example, if 'abc' is a password, its first encrypted and put in
Column1.
But a Binary_Checksum of 'abc' is stored in Column2 for comparison
purposes.

I am just wondering whether this is secure. Can't the Binary_Checksum
value
(26435) be reversed to get the original 'abc'?

Thank you.

Regards,
Karthik

.

---

• References:
  • Re: Binary_Checksum - How secure is it?
    • From: Mike C#

• Prev by Date: Re: How to GRANT *all* permissions to *all* users?
• Next by Date: Transaction Error: missing statement
• Previous by thread: Re: Binary_Checksum - How secure is it?
• Next by thread: Re: Binary_Checksum - How secure is it?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Konstante als Referenz auf anonymen Hash ... Hash darstellt. ... Über 'print ABC->' kann ich nun auf die einzelnen Elemente zugreifen. ... Wie kann ich aber z.B. mit einer foreach Schleife über alle im Hash vorhandene Elemente iterieren, wenn die Referenz über eine Konstante gespeichert ist? ... foreach my $keys (keys ABC) { ... (de.comp.lang.perl.misc) Konstante als Referenz auf anonymen Hash ... die eine Referenz auf einen anonymen ... Hash darstellt. ... Über 'print ABC->' kann ich nun auf die einzelnen Elemente ... foreach my $keys (keys ABC) { ... (de.comp.lang.perl.misc) Re: How to find a word in wordlist ... > I have wordlist file having format: ... > # check.pl abc ... you could read the entire file into a hash. ... of memory, but thereafter, lookups are very fast. ... (comp.lang.perl.misc) Re: Binary_Checksum - How secure is it? ... trying to hack this particular system where you use BINARY_CHECKSUM to hash ... I would switch to another hash algorithm like SHA or ... encrypted format and a different column has the original value in a ... But a Binary_Checksum of 'abc' is stored in Column2 for comparison ... (microsoft.public.sqlserver.security) Re: Simple question regarding hashes ... abc & xyz useful to you? ... On 8/12/06, Robert Klemme wrote: ... You end up with the same hash ... (comp.lang.ruby)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2007-02