[RESOLVED] SQL Server Password data type

[FishGuy]

Is there a password data type in SQL server like in access so I can store passwords in the database but so they are displayed as stars rather than plain text.

[Zoila]

I know in Access you have that option in the format section of the Table design maybe you can place that format in the Gui form.. if you are retrieving and/or entering information from it....

But as for the SQL design I haven't found anything maybe others more experienced may know something

[techgnome]

Short answer: No.

Slightly longer answer: It's generaly a bad idea to store passwords in the database. But if you *must*, then encrypt it. When you need to check it you can then do one of two things:
1) Encrypt the entered password (presumably by the user) and compare that to the encrypted value stored. or..
2) Decrypt the stored value and compare that to what was entered.

Option 1 is the more secure.

Tg

[szlamany]

To add to what TG has said - use option 1 with a "one-way only encryption algorithm". Passwords should not be able to be decrypted, in my opinion.

[dee-u]

One "cunning" idea I have is to encrypt your password then "embed" it in an image then save it in your database.... That way even if somebody will be manipulating your database they wouldnt see an encrypted string.

[FishGuy]

Ok thanks for the replies guys, what method do you recommend for the encryption, use a third party add in or devise my own algorithm? Just to give you some background all I have is a basic vb.net form which allows the user to enter a username and password, the form looks up the username and password if the passwords match it allows the execution of the app to continue.

[dee-u]

Of course it would be better if you would devise your own algorithm so it would be difficult to decrypt.

[FishGuy]

Sorry if im being a silly billy what kind of thing do you mean would something like reading in the string entered and multiplying each character value by a number then dividing it by another etc be the knd of thing or am I being two simplistic.

[dee-u]

Well, that is how the encryption process is done, it would all depend to you.

[techgnome]

I suggest using a pre-built tried and true method. They exist for a reason. If you only want to do one way encryption, then MD5 is the way to go.

Tg

[FishGuy]

techgnome - do you know where i can find out how to use MD5 i.e what i download and from where and how reference it.

[-TPM-]

I'd suggest you read through these:
This one's about salt
http://www.developerfusion.co.uk/show/4679/
This one's about different encryption type's, they use SHA for the Hash (page3) which is similar to MD5
http://www.devx.com/security/Article/7019/

[FishGuy]

For anyone else I have this working fine now thanks all for your help :-)

VB Code:

Public Class PasswordGenerator
 
    Inherits System.Windows.Forms.Form
 
 
#Region " Windows Form Designer generated code "
 
    Public Sub New()
        MyBase.New()
 
        'This call is required by the Windows Form Designer.
        InitializeComponent()
 
        'Add any initialization after the InitializeComponent() call
 
    End Sub
 
    'Form overrides dispose to clean up the component list.
    Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
        If disposing Then
            If Not (components Is Nothing) Then
                components.Dispose()
            End If
        End If
        MyBase.Dispose(disposing)
    End Sub
 
    'Required by the Windows Form Designer
    Private components As System.ComponentModel.IContainer
 
    'NOTE: The following procedure is required by the Windows Form Designer
    'It can be modified using the Windows Form Designer.  
    'Do not modify it using the code editor.
    Friend WithEvents TextBox1 As System.Windows.Forms.TextBox
    Friend WithEvents Label1 As System.Windows.Forms.Label
    Friend WithEvents Label2 As System.Windows.Forms.Label
    Friend WithEvents Button1 As System.Windows.Forms.Button
    Friend WithEvents TextBox2 As System.Windows.Forms.TextBox
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
        Dim resources As System.Resources.ResourceManager = New System.Resources.ResourceManager(GetType(PasswordGenerator))
        Me.TextBox1 = New System.Windows.Forms.TextBox
        Me.Label1 = New System.Windows.Forms.Label
        Me.Label2 = New System.Windows.Forms.Label
        Me.Button1 = New System.Windows.Forms.Button
        Me.TextBox2 = New System.Windows.Forms.TextBox
        Me.SuspendLayout()
        '
        'TextBox1
        '
        Me.TextBox1.Location = New System.Drawing.Point(8, 40)
        Me.TextBox1.Name = "TextBox1"
        Me.TextBox1.Size = New System.Drawing.Size(272, 20)
        Me.TextBox1.TabIndex = 0
        Me.TextBox1.Text = ""
        '
        'Label1
        '
        Me.Label1.Location = New System.Drawing.Point(8, 16)
        Me.Label1.Name = "Label1"
        Me.Label1.TabIndex = 1
        Me.Label1.Text = "Enter a Phrase"
        '
        'Label2
        '
        Me.Label2.Location = New System.Drawing.Point(8, 104)
        Me.Label2.Name = "Label2"
        Me.Label2.TabIndex = 2
        Me.Label2.Text = "Your Password Is"
        Me.Label2.Visible = False
        '
        'Button1
        '
        Me.Button1.Location = New System.Drawing.Point(96, 72)
        Me.Button1.Name = "Button1"
        Me.Button1.TabIndex = 4
        Me.Button1.Text = "Generate"
        '
        'TextBox2
        '
        Me.TextBox2.Location = New System.Drawing.Point(8, 128)
        Me.TextBox2.Multiline = True
        Me.TextBox2.Name = "TextBox2"
        Me.TextBox2.ReadOnly = True
        Me.TextBox2.Size = New System.Drawing.Size(280, 72)
        Me.TextBox2.TabIndex = 5
        Me.TextBox2.Text = ""
        '
        'PasswordGenerator
        '
        Me.AutoScaleBaseSize = New System.Drawing.Size(5, 13)
        Me.ClientSize = New System.Drawing.Size(292, 213)
        Me.Controls.Add(Me.TextBox2)
        Me.Controls.Add(Me.Button1)
        Me.Controls.Add(Me.Label2)
        Me.Controls.Add(Me.Label1)
        Me.Controls.Add(Me.TextBox1)
        Me.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedSingle
        Me.Icon = CType(resources.GetObject("$this.Icon"), System.Drawing.Icon)
        Me.MaximizeBox = False
        Me.Name = "PasswordGenerator"
        Me.Text = "Password Generator"
        Me.ResumeLayout(False)
 
    End Sub
 
#End Region
    Public Function GetHashValue(ByVal strInput As String) As String
        Try
 
            Dim md5 As New System.Security.Cryptography.MD5CryptoServiceProvider
            Dim hash As Byte()
            Dim b As Byte()
            Dim hashedString As String
            '
            b = System.Text.Encoding.UTF8.GetBytes(Trim(strInput))
            hash = md5.ComputeHash(b)
            hashedString = System.Convert.ToBase64String(hash)
            '
            ' return the output string
            GetHashValue = hashedString
 
        Catch
            GetHashValue = ""
        End Try
    End Function
 
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Me.TextBox2.Text = GetHashValue(Me.TextBox1.Text)
    End Sub
End Class

[techgnome]

.NET has that stuff build in under the System.Encryption (I think that's the right namespace) that can encrypt/decrypt and hash data for you.

Tg

[FishGuy]

Yes thanks techgnome, thats what I missed on my code I posted above the class declaration. I actually used Imports System.Security.Cryptography.
Sorry I didnt mean to posts all the windows generated code.
Anyway Thats my database stored password encrytion done now, I have created an app like above just to generate the passwords, as an admin utility. The acual app the user sees encrypts the password they enter and compares it to the one in the database.