Is Sqlserver’s HASHBYTES() function cryptographically secure?

Question

Is Sqlserver’s HASHBYTES() function cryptographically secure?

Asked 4 years, 11 months ago

Viewed 116 times

2

The company I work today she has much of the programming done in the database through procedures and was seeing how the creation of the hash of passwords and their persistence in the bank. I discovered that the use of a very old function called PWDENCRYPT(). I’m willing to suggest a modification to this encryption and by researching, I discovered this HASHBYTES() which is a native function of SQL Server itself that does this as the algorithm of hash. I wonder if it is cryptographically secure and can be used in production.

Nothing is safe. What was safe yesterday is no longer safe. It’s all about time.

– José Diz

2019/10/31 at 15:40
Neither was made for passwords.

– Inkeliz

2019/12/10 at 16:52

1 answer

Browser other questions tagged sql-server cryptography hash

You are not signed in. Login or sign up in order to post.

by Maniero • **444,682** points · Answer 1 · 2019-10-31T14:03:57+00:00

2

Yeah, it’s safe if you use the right algorithm, if you use salt, etc., use an SHA2, do not use MD and avoid the previous SHA.

If you want to know more: How to hash passwords securely?.

Documentation.

Even without using Salt and without the iterations to make the hash slower?

– Gabriel Romão

2019/10/31 at 14:08
Salt’s always good, so I went through link to learn more how to use.

– Maniero

2019/10/31 at 14:09