I want to decrypt passwords stored in my database on Sql Server 2008 which were encrypted using Exec master.dbo.xp_sha1 #Password, #EncPassword output .Is it possible to decrypt?
encrypted passwords look like this : xxstgggettebbqyyayujjweee
Thanks
xp_sha1 is a not standard master stored procedure, it is not included in any sql server i've seen, but doing a quick google i came across: http://www.xpcrypt.com/xpho/xp_sha1.htm
As I stated in my answer/comments in your question Encrypt passwords on Sql Server 2008 using SHA1 encryption is not the same thing as hashing. SHA1 is a hash, not an encryption. Encryption can be undone, hashing cannot.
The links called out in the answer for the last question go through this in some detail, but here are several articles specifically around the differences between encryption and hashing:
Difference between Hashing a Password and Encrypting it
http://www.darkreading.com/safely-storing-user-passwords-hashing-vs-encrypting/a/d-id/1269374
Please Understand that there is a fundamental difference between encrypting and hashing.
If you encrypt "password" to "123809dsfajsfoiwj" as an example, knowing the key and encryption method, you can arrive back at "password" through an appropriate decrypt.
Using SHA1 and hashing "password" there is no way to ever reverse the hashed "jdsfioajd0f98uas" (example) back to the original "password". Hashes are created the same each time given the same input, so hashes are compared to hashes for "validating passwords". You never arrive back at the original.
Related
I'm trying to use an application external to SQL Server to decrypt data (that I've) encrypted in Azure SQL Database. I can decrypt it natively in SQL Server using DecryptByKey - but I want to do this on the client computer. I know the key_source parameter used to generate the key and I can decode the initialisation vector and cipher data from the field data thanks to this SO post.
The key is being created by:
create symmetric key #tempkey
with algorithm = AES_256,
key_source='*****'
encryption by password = '*****'
I'm not able to find a reference to the key-derivation algorithm used by SQL server to convert the key_source into
the actual key. Sqlity says that the details are not published, however this blog article is getting old now - and I'm hoping that's changed.
Inspecting the key information in sys.key_encryptions:
key_id|thumbprint|crypt_type|crypt_type_desc|crypt_property
259|NULL|ESP2|ENCRYPTION BY PASSWORD V2|NULL
sys.symmetric_keys doesn't appear to yield anything of use
There is a similar SO question here; but the answer refers to using a stored procedure to complete the decryption - which is not what I want to do.
Can anyone point me in the right direction of the key derivation algorithm implementation so that given the known key_source, I can generate the symmetric encryption key value and decrypt the cipher data?
My work-around is to do both encryption and decryption outside of SQL Server, but I'd like to avoid that if I can.
I study SQLInjection testing it on one site, that use Microsoft SQL Server 2008.
sqlmap-dev$ python sqlmap.py -u "https://site?id=239" --current-user --current-db -b --users --privileges --passwords
Receive users login and hashed password:
Like this: 0x01005847e7a1ffa21b9c6811420f0e502612c8dd976f685f63a6
The question is, how I can know it?
I understand that I cannot really reverse the hashed string.
I find this: https://stackoverflow.com/a/18154134/2264941
As I understand:
0x0100 - use SHA1
5847e7a1 - salt
ffa21b9c6811420f0e502612c8dd976f685f63a6 - hashed password with salt
Is this algoritm correct for MS SQL 2008 ?
Maybe there is some online instruments that can help me?
You cannot do this. That is literally the whole point in hashing and salting... You could try a password cracker but it will take A LONG TIME.
I want to decrypt password in SQL Server 2012 using DES to send that password in the mail using a SQL Server job.
Can anyone help me?
Thanks in advance.
You shouldn't really be de-encrypting passwords. And either not send passwords thru the emails!
And no, there's usually a random salt in the encryption, so you cannot decrypt it like that. Only Brute Force, because it's weak encryption method nowadays.
For Brute Force you can use for example pwdcompare - More at MSDN pwdcompare
i have a column of varbinary(max) type and used a salt of nvarchar(60) type that is generated randomly. I saved the salt in db and saved password using hashbyte(password+ salt).
Now I want to compare user password and authenticate him.
I tried taking his password and running this query--
SELECT [email] from admin where
[password]=HashBytes('SHA1','xxxxxx' +'/KsDnXdU+_a<t19wYCnEi/lxmXmAutR3DVA$#]~dSBskRMB?sb#41+=MFRpE')
It is not returning me email. I ran it directly on sql server management studio. But It gave me blank. Why is it so?
When im selecting by email im getting role, this means email is registered.
Is something wrong in my salt or query?
I fixed it. Actualy adding salt directly was causing me a bug, though it was getting added directly and hash was computed and no error was returned from sql server.
When i ran this query
Select role from admin where salt='/KsDnXdU+_a<t19wYCnEi/lxmXmAutR3DVA$#]~dSBskRMB?sb#41+=MFRpE'
I got no result. I realised, it was some Conversion problem. I used then Convert(nvarchar(60),'%?r>%Vb+$hUZO8}=38/_J[#q#1mf^rz!V&q~\dLH5nQ&/edR\c[6ya|q$e%r')
and ran my query as
SELECT [email] from admin where
[password]=HashBytes('SHA1', 'xxxxxx'+Convert(nvarchar(60),'%?r>%Vb+$hUZO8}=38/_J[#q#1mf^rz!V&q~\dLH5nQ&/edR\c[6ya|q$e%r'))
This returned me email. I am really not sure why this happened, but using sqlserver 2005, and above query i fixed it. I request moderators, If it is any bug in sql server 2005, please do let other know.
You need to use the same code when reading and when writing:
INSERT INTO dbo.admin (email, password, salt)
VALUES(#email,HashBytes('SHA2_512',#password+#salt),#salt);
and
SELECT email FROM dbo.admin
WHERE password = HashBytes('SHA2_512',#password+salt);
The only difference is that the select references the stored salt instead of a passed in salt.
You also should use the SHA2 algorithm as SHA1 is not secure anymore (http://www.md5decrypter.co.uk/sha1-decrypt.aspx). For SHA2_512 your column needs to be 64 bytes (http://msdn.microsoft.com/en-us/library/ms174415.aspx). You should use the specific length instead of (MAX) if possible.
As Aaron noted, SHA2 is not supported before SQL 2012. You can use a CLR implementation instead. This can get you started: http://geekswithblogs.net/hroggero/archive/2009/09/19/strong-password-hashing-with-sql-server.aspx However, it is using only 256 bits.
I have backed up an encrypted DB (symmetric key/certificate) and
restored it on a different server.
Unfortuantely we're having problems with the decryption... hoping
someone can help.
In the restored db, I can see the Symmetric Key and the Certificate in
SSMS, but when I try to Open the key using the cert ( open symmetric
key KeyA decryption by certificate CertB )I get the
following very descriptive error:
Msg 15466, Level 16, State 1, Line 1
An error occurred during decryption.
Any ideas?
Thanks in advance.
http://blogs.msdn.com/lcris/archive/2007/11/16/sql-server-2005-restoring-the-backup-of-a-database-that-uses-encryption.aspx answers this:
"When you restore a database that uses encryption features, there is only one thing you need to take care off - if the database master key (DbMK) needs a service master key (SMK) encryption, you need to regenerate this encryption. Note that this encryption is made by default when you create the DbMK, but it may be intentionally dropped, if you want tighter control of access to the encrypted data. Anyway, if you did have such SMK encryption for the DbMK, the steps to regenerate it are the following:
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'password'
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY
CLOSE MASTER KEY
That's it - the database encryption features should now work as when the backup was taken. Also note that it doesn't matter if you restore the database on the server where the backup was taken or elsewhere. The only thing that matters for this procedure is that you know one of the passwords protecting the DbMK "
The master key was decrypted by the service master key on the source server and we were decrypting the master key with password on the destination. I altered the master key to be decrypted by the service master key and it's working now.
The problem you are probably experiencing is that the Database Master Key for the servers is different. To my understanding the other keys are based off of this and it could cause problems when trying to decrypt the data. Check out the encryption hierarchy for a description of the steps that go into data encryption.
I hope this answer helps and isn't too off-track. :)
http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/34c9c35c-2d08-4873-abfd-aae40240dfe7/?prof=required
That link worked for me, follow the 2 links to backup/restore
You can do the restore from the destination server using a UNC, you do not have to copy the file.