Great, just so others know, MD2, MD4, MD5, SHA, and SHA1 algorithms are deprecated starting with SQL Server 2016 (13.x). Use SHA2_256 or SHA2_512 instead. Older algorithms will continue working, but they will raise a deprecation event.
How do you check a password using hashing if it’s stored with newid() attached? Won’t newid() return a different ID every time? So when as user logs into a webpage and we take the password to compare to the stored one, how do we ensure an accurate comparison?
For the above case you would store the seed ( newid value) in the database and concat it with the input password to generate the hash value. On login we fetch the seed from database for the username and concat it with the input password then generate the hash value at time of lohin. Next we compare the hash value with what is already saved in the db. WordPress uses a similar approach
Great, just so others know, MD2, MD4, MD5, SHA, and SHA1 algorithms are deprecated starting with SQL Server 2016 (13.x). Use SHA2_256 or SHA2_512 instead. Older algorithms will continue working, but they will raise a deprecation event.
Yes, always a good idea to keep an eye on deprecated features.
How do you check a password using hashing if it’s stored with newid() attached? Won’t newid() return a different ID every time? So when as user logs into a webpage and we take the password to compare to the stored one, how do we ensure an accurate comparison?
For the above case you would store the seed ( newid value) in the database and concat it with the input password to generate the hash value. On login we fetch the seed from database for the username and concat it with the input password then generate the hash value at time of lohin. Next we compare the hash value with what is already saved in the db. WordPress uses a similar approach
Jayanth Kurup makes total sense. I was thinking that we would add the newid to the select when comparing the values. Thanks for the response!
Really Interesting and Informative..
Prem Kumar thank you . Glad you found it useful
Good explanation!
thank you , glad you liked it.
thank you , glad you liked it.