Need example of a "Hash" function.....

    Question

  • Many articles on SQL Server security make reference to Hash functions. Do you know of a simple example of a hash function that I could show to others?

    For example, would taking the first eight bytes of the mathematical "sin" of a number be a good function? I don't know. Or is a hash "function" actually an involved algorithm, so the "simple" formula I was looking for really doesn't exist.

    TIA,

    Barkingdog

     

     

    Thursday, August 17, 2006 5:42 PM

Answers

  • In SQL Server 2005 we have a new builtin to calculate hash functions: HashBytes.

    For more details on this builtin I recommend consulting BOL (http://msdn2.microsoft.com/en-us/library/ms174415.aspx), but here is a short example:

     

    SELECT HashBytes( 'sha1', '1234' )
    -- returns 0x7110EDA4D09E062AA5E4A390B0A572AC0D2C0220

    SELECT HashBytes( 'md5', '1234' )
    -- returns 0x81DC9BDB52D04DC20036DBD8313ED055

     

    -Raul Garcia

      SDE/T

      SQL Server Engine

    Thursday, August 17, 2006 5:51 PM
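
Added example, not part of the original thread and not Microsoft's code: a Python comparison of the sin-based idea from the question with a cryptographic hash, plus a check of the two HashBytes values quoted in the answer above. The function names, the big-endian double encoding, the sample inputs and the choice of SHA-256 for the comparison are assumptions of this example.

```python
import hashlib
import math
import struct


def sin_hash(x: float) -> bytes:
    """The question's idea: the 8 bytes of the IEEE-754 double sin(x)."""
    return struct.pack(">d", math.sin(x))


def sha256_hash(x: float) -> bytes:
    """SHA-256 over the 8-byte encoding of x (comparison picked for this example)."""
    return hashlib.sha256(struct.pack(">d", x)).digest()


def bits_changed(a: bytes, b: bytes) -> int:
    """Count the output bits that differ between two digests."""
    return sum(bin(p ^ q).count("1") for p, q in zip(a, b))


def recover_input(digest: bytes) -> float:
    """asin undoes sin on [-pi/2, pi/2], so the sin 'digest' hands back its input."""
    return math.asin(struct.unpack(">d", digest)[0])


def hashbytes_hex(algorithm: str, text: str) -> str:
    """Digest of an ASCII string, printed the way the answer shows HashBytes output."""
    return "0x" + hashlib.new(algorithm, text.encode("ascii")).hexdigest().upper()


if __name__ == "__main__":
    x, nearby = 0.5, 0.5 + 1e-12  # constructed sample inputs, almost equal
    print("sin    :", sin_hash(x).hex(), sin_hash(nearby).hex())
    print("  bits changed:", bits_changed(sin_hash(x), sin_hash(nearby)), "of 64")
    print("  input recovered from output:", recover_input(sin_hash(x)))
    print("sha256 bits changed:",
          bits_changed(sha256_hash(x), sha256_hash(nearby)), "of 256")
    for algorithm in ("sha1", "md5"):  # same inputs as the HashBytes calls above
        print(algorithm, hashbytes_hex(algorithm, "1234"))
```

The sin-based outputs for two nearly equal inputs share their leading bytes and the input can be read back with asin, while the SHA-256 digests of the same two inputs differ in roughly half of their bits.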

All replies

  • I have read that both MD5 and SHA1 (its successor) have been "compromised". Is this true?

    Barkingdog

    Thursday, August 17, 2006 5:59 PM
  • This is true. MD5 is completely unreliable, and SHA-1 is getting shakier by the month. I wouldn't rely on it. As of 2010, I don't think Microsoft will be relying on it either. Let's hope they take this into account for SQL Server and give us an algorithm that is still considered secure. SHA-2 is the only one that I have read that has yet to be compromised. NIST is currently in the process of selecting a SHA-3 algorithm out of 18 candidates IIRC. I actually think that Microsoft should release a patch to SQL Server, providing us with a secure hash algorithm. Right now, HashBytes is not really useful, from a security standpoint.
    Monday, August 31, 2009 2:46 AM
  • Huh?  The entire password infrastructure in SQL Server is based on MD5 hashes.  If there were a security threat to that, we'd have a patch released that would fix the problem. 

    EVERY encryption algorithm has a method to break it.  That is one of the requirements of an encryption algorithm.  If you are saying that there is something wrong with an MD5 or SHA-1 hash, please provide the proof instead of just making a blanket statement meant to scare people.
    Mike Hotek BlowFrog Software, Inc. http://www.BlowFrogSoftware.com Affordable database tools for SQL Server professionals
    Monday, August 31, 2009 5:10 AM
  • It's not true that encryption methods allow break-in. Just that the key is the security that they provide, just like locks.
    Hashing is different. It is meant to avoid break-in, i.e. irreversible. The reason why they are searching for SHA-3 is because people have shown ability to some extent to reverse the hashes.

    Wednesday, September 02, 2009 11:26 AM