How can I copy WordPress password to another table with SHA1? As per my knowledge WordPress using MD5
Currently I am using simple query something like
INSEERT INTO rc_user(password)
SELECT user_pass
FROM wp_users
So I have no idea how to convert encryption. Please help me.
You can't. Both SHA1 and MD5 are hash functions and they do one way conversion of data so there is no way to "decrypt" it after md5 is applied.
Related
WIN-PAK made some"questionable" schema changes in their back-end sql server db and it has broken my queries. What was an nvarchar(35) has been changed to a varbinary(MAX). In some add-on's I've written I need to be able to convert it back to a human readable string. Trouble is, I don't know how they are doing the encoding in the first place.
How do I convert 0x004E2B296D0F5707CA3D0EDA6FBC05CB010000007FFBED343A41DB3016798FA2B6FAFE8A4460E1ACB58CBA05BBE34AA0A133C6B8BE0F2F95C153CB658EABF4EFA09931EC
back to the string "PILLOW" ?
I've contacted Honeywell WIN-PAK support but since I'm not a licensed dealer they won't talk to me. I've tried the obvious convert and cast statements with no luck. I've done the usual forum lurking. I'm hoping someone that has knowledge of these changes can chime in, or someone who works alot with converted data can explain how 6 characters can become that messy binary.
Looks like they are using Microsoft SQL Servers encryption
Here is a good overview:
https://www.sqlshack.com/an-overview-of-the-column-level-sql-server-encryption/
I was able to decode the CardHolder table using the following (assuming its a generic encryption key):
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'WPMasterKey!##';
--CREATE CERTIFICATE WPEnctCertificate WITH SUBJECT = 'WP Personnel Data Ids'
OPEN SYMMETRIC KEY WPEnctSymmetricKey DECRYPTION BY CERTIFICATE WPEnctCertificate
SELECT TOP (1000) [RecordID]
,[AccountID]
,[SubAccountID]
,[TimeStamp]
,[UserID]
,[NodeID]
,[Deleted]
,[UserPriority]
,CONVERT(nvarchar, DecryptByKey([FirstName])) as FirstName
,CONVERT(nvarchar, DecryptByKey([LastName])) as LastName
,[FirstName]
,[LastName]
,[Note1]
FROM [WIN-PAK PRO].[dbo].[CardHolder]
I think the WPEnctCertificate should already be in your system, but if not, uncomment that line and run it.
In an MSSQL environment, I've got a stored procedure which I use to generate hashes. Currently, the stored procedure uses MD5 (with an appropriate security key).
I'm trying to change the stored procedure so that it uses Blowfish instead.
The current line in the stored procedure is:
select #hashedvalue = convert(nvarchar(32),hashbytes('MD5',#querystring+#hashpassword),2)
What's the correct syntax for hashing via Blowfish as opposed to MD5 please?
I've had a look at this but I couldn't work out which algorithm option I should be using...
Thanks!
HASHBYTES does not support Blowfish
You would need to use a CLR function (search for one) or see what this from Chilkat does
Personally I would use SHA2_512 for simple hashes.
Password hashing is different, you need bcrypt or other iterative hashing solutions.
I have a requirement to encrypt the customer's membership number in our database. So okay, we're using MS SQL Server, I figured I use encryptbypassphrase, change every place that writes this field to encrypt and every place that reads it to decrypt, etc.
Except ... there are places in the DB where the field is used to link multiple records. I was thinking no problem, I just change the join from "join blahblah on a.member_number=b.member_number", to "join blahblah on a.member_number_encrypted=b.member_number_encrypted". But this doesn't work, because I discovered that if I encrypt the same value twice, I don't get the same encrypted value. I guess it's adding some salt in there or something. And I don't want to say "join blahblah on decryptbypassphrase(#pw, a.member_number_encrypted)=decryptbypassphrase(#pw, b.member_number_encrypted), as that would turn an index lookup into a full-file search. I thought it would be ugly to have to index on the much bigger encrypted value, but ...
So ... Is there some way to force encryptbypassphrase to always encrypt the same input to the same output? Or does this mean that it is simply not practical to join on an encrypted field in most cases?
Or am I missing something?
What you are looking for is deterministic encryption.
You can achieve deterministic encryption by using a hash of plaintext as your IV, thus, you will get the same ciphertext every time you encrypt a given plaintext. Please see this article for reference.
If you are using/can use MS SQL Server 2016 you should look at Always Encrypted feature. Depending on what operations you want to do on your data. Always Encrypted will make your task easier, since it supports deterministic encryption. Few links that will help you.
Getting Started with Always Encrypted
This feature will make it easier to test Always Encrypted without writing an app
Configure Always Encrypted using SQL Server Management Studio
I have briefly explained the security guarantee provided by Always Encrypted here
I try more time to change in sql, encrypted data to decrypted..
Anybody know this solution,pls reply me..
my password shown as this format 0C6EB14DB9C05361B517EA553E77C977
but datatype was varchar
I want to need to encrypt this data
I suppose you are using PWDENCRYPT to encrypt your data. If so, then it is impossible to recover you password, because is makes a hash so you cannot reverse the hashed string. It is the idea of the hash algorithm to make it impossible. If you want to compare your input values with your encrypted values you can use PWDCOMPARE function.
I have a database that will be hosted by a third party. I need to encrypt strings in certain columns, but I do not want to loose the ability to query over the encrypted columns.
I have limited control over the SQL instance (I have control over the database I own, but not to any administrative functions.)
I realize that I can use a .net encryption library to encrypt the data before it is inserted into the table, but I would then loose the ability to query the data with sql.
I like using SQL Server's key management: http://technet.microsoft.com/en-us/library/bb895340.aspx . After you have a key setup then its really easy to use:
To insert records you do this:
insert into PatientTable values ('Pamela','Doc1',
encryptByKey(Key_GUID('secret'),'111-11-1111'),
encryptByKey(Key_GUID('secret'),'Migraine'))
To select the record back out its really simple:
select Id, name, Docname
from PatientTable where SSN=encryptByKey(Key_GUID('secret'),SSN)
The cipher text will always be the same so it is much more efficient to compare the cipher text's instead of going though and decrypting each one.
if you use the same encryption key you could encrypt your search query string and match against that. Say my password is runrun i encrypt it to ZAXCXCATXCATXCA then when i want to search for a user with password runrun encrypt it first and it will match the table entry.
AFAIK, Most RDBMS do not support this, what I usually see is either:
A) The DB query API encrypts the data with a key that only the local server knows before it is sent to the remote db and decrypts when it's received.
or
B) The remote database stores everything encrypted with a key that it knows (probably at run time, given physically by an admin, or it's given the key with the query).
A will let you use the database without letting the owners know what's being stored, but you wont be able to do queries on the actual encrypted data other than maybe equality. B only protects against physical server theft (server has to be off though or they can get the key from memory...).
What I assume you want is called Private Information Retrieval. It's a fairly young field, I don't think you're going to find a decent implementation at the moment.
You could generate a hash (such as Md5 ) and store the hash value in the db. When you query you can select * from [my table] where value = {md5 hash}