Friday, January 25, 2008
« What is {6230289B-5BEE-409e-932A-2F01FA4... | Main | The Beauty of LINQ »
Seattle Code Camp

Will be presenting at the Seattle Code Camp https://seattle.codecamp.us/ this Saturday.  My talk is entitled "Kick Your Hash" and I will attempt to bridge the cryptography gap between code and theory by showing SQL Server and .NET code, real life examples, and practical correct uses for Hashing.

Example 1:

SELECT HashBytes('MD5','password')

SELECT HashBytes('MD5',CONVERT(varchar(max),'password'))

SELECT HashBytes('MD5',CONVERT(nvarchar(max),'password'))

Example 2a:

ALTER PROC CheckLogin
@Login varchar(50),
@Password varchar(50),
@Valid bit OUTPUT
AS

SET NOCOUNT ON

SELECT *
FROM [User]
WHERE @Login = [User].[Login] AND [User].Hash = 
    HashBytes('MD5',CONVERT(varchar(max),[User].Prefix) + @Password)

IF (@@ROWCOUNT>0)
    SET @Valid = 1
ELSE 
    SET @Valid = 0

Example 2b:

CREATE TABLE [dbo].[User](
    [UserId] [uniqueidentifier] NOT NULL CONSTRAINT [DF_User_UserId]  DEFAULT (newid()),
    [Login] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
    [Hash] [varbinary](16) NOT NULL,
    [Prefix] [uniqueidentifier] NOT NULL,
 CONSTRAINT [PK_User] PRIMARY KEY CLUSTERED 
(
    [UserId] ASC
)WITH (PAD_INDEX  = OFF, IGNORE_DUP_KEY = OFF) ON [PRIMARY]
) ON [PRIMARY]

Example 2c:

DECLARE @Prefix uniqueidentifier
SET @Prefix = NewId()

INSERT INTO [User]
(
    [Login],
    Hash,
    Prefix )
VALUES(
    'wayne',
    HashBytes('MD5',CONVERT(varchar(max),@Prefix) + 'password'),
    @Prefix)

Example 3:

CREATE PROC ChangePassword
@Login varchar(50),
@OldPassword varchar(50),
@NewPassword varchar(50)
AS

UPDATE [User]
SET Hash = HashBytes('MD5',CONVERT(varchar(max),[User].Prefix) + @NewPassword)
WHERE @Login = [User].[Login] AND [User].Hash = 
    HashBytes('MD5',CONVERT(varchar(max),[User].Prefix) + @OldPassword)

Example 4a:

CREATE PROC AddData
@Data varbinary(max)
AS

INSERT INTO Data
(
    Data,
    Hash,
    [Size]
)
VALUES
(
    @Data,
    HashBytes('MD5',@Data),
    DATALENGTH(@Data)
)

Example 4b:

CREATE PROC FindData
@Data varbinary(max),
@Id uniqueidentifier OUTPUT
AS

DECLARE @Hash varbinary(16)
SET @Hash = HashBytes('MD5',@Data)

DECLARE @Length bigint
SET @Length = DATALENGTH(@Data)

SELECT @Id = DataId
FROM Data
WHERE @Hash = Hash AND @Length = Size

{6230289B-5BEE-409e-932A-2F01FA407A92}
 
T-SQL | Wayne
Friday, January 25, 2008 11:28:56 AM (Pacific Standard Time, UTC-08:00)  #    Disclaimer  |  Comments [0]  |  Related posts:
Shutting Down a Running COM+ Instance
Azure Storage - CloudDrive SDK
varchar(max) and varbinary(max) Questions and Answers
Mutual Exclusive CollapsiblePanelExtender
For Best Performance Avoid SELECT * Select Statements and never use COUNT(*)
Query SQL Server 2008 Total Memory Usage
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):
Live Comment Preview