Generating hash value

Following Microsoft recommendations, I'd like to store a one-way passport
hash of a user's password. .NET provides method
FormsAuthentication.HashPasswordForStoringinConfigFile (...) to generate a
hash value with either SHA1 or MD5 algorithm. My problem is that the
password is to be generated on a workstation with no .NET installed. How can
I generate a hash value without .NET in the same way as
HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
Crypto API calls with the same effect? An external stored procedure on the
server side?
EliyahuYes, CryptoAPI supports calculating hashes using functions:
CryptCreateHash
CryptHashData
CryptGetHashParam (with dwParam = HP_HASHVAL to get actual hash buffer)
Start here:
http://msdn.microsoft.com/library/d...data_hashes.asp
The byte order in the capi buffer returned is identical to data in .NET
HashPasswordForStoringinConfigFile string.
You only need to convert the byte buffer into an ordered hex-string to match
the .NET hash string.
- Michel Gallant
MVP Security
"Eliyahu Goldin" <removemeegoldin@.monarchmed.com> wrote in message
news:Orw0CVVzDHA.2932@.TK2MSFTNGP09.phx.gbl...

quote:

---

> Following Microsoft recommendations, I'd like to store a one-way passport
> hash of a user's password. .NET provides method
> FormsAuthentication.HashPasswordForStoringinConfigFile (...) to generate a
> hash value with either SHA1 or MD5 algorithm. My problem is that the
> password is to be generated on a workstation with no .NET installed. How c
an
> I generate a hash value without .NET in the same way as
> HashPasswordForStoringinConfigFile does? Is there any sequence of Windows
> Crypto API calls with the same effect? An external stored procedure on the
> server side?
> Eliyahu
>

---

|||> Crypto API calls with the same effect? An external stored procedure on the

quote:

---

> server side?

---

you can use XP_CRYPT (www.activecrypt.com). Free version supports SHA1, MD5
and DES hashes without limitations.|||Thanks Michel and Andy,
Your answers are exactly what I need.
Eliyahu

generate login as well as user script

I know from sp_help_revlogin, we can generate login with correct password
information, how to generate a one step script for particular user with the
login as well as privileges information? sp_help_revlogin only generates the
login information, but not including the roles granted to the user.I don't think there is any script available to do this.
Mohammed.
"renhai" wrote:
> I know from sp_help_revlogin, we can generate login with correct password
> information, how to generate a one step script for particular user with the
> login as well as privileges information? sp_help_revlogin only generates the
> login information, but not including the roles granted to the user.

Generate a unique alphanumeric password

Hi There!
Does anybody know how to generate unique alphanumeric passwords in SQLServer?
You help will be very much appreciated :)
:) :)
Mel!Hello,

I don't think it is possible in SQLServer.
You can try:
http://www.burney.ws/software/demos/password_generator/

Kind regards,

Jan|||Originally posted by melaniemayfield
Does anybody know how to generate unique alphanumeric passwords in SQLServer?


I guess you don't think GUID is a nice password? ;-)

Just using RAND you can create some random passwords like this...

DECLARE @.PwdLen SMALLINT,
@.Chr TINYINT,
@.Password VARCHAR(20)

-- Seed
SET @.Chr = RAND(DATEPART(ms, GETDATE())) * 0
SET @.Password = ''

SET @.PwdLen = 1
WHILE @.PwdLen < 8
BEGIN
SET @.Chr = RAND() * 62
SET @.Password = @.Password + CHAR(
CASE WHEN @.Chr < 10 THEN @.Chr + 48
WHEN @.Chr BETWEEN 10 AND 35 THEN @.Chr + 55
ELSE @.Chr + 61
END)

SET @.PwdLen = @.PwdLen + 1
END

SELECT @.Password [Password]

Perhaps can get you something to work from.

Cheers,
Robert