how do i format my password field into md5 encryption

[hex6007]

hello guys,

i created a users table. in the password field, how do i format it to md5? i use the datatype = varchar.
pls help..

thanks in advance

 

[SimonEireconsulting]

use the function HASHBYTES('MD5', 'password goes here')

So, if you have a table of user names and passwords run the update:

UPDATE tUsers SET [Password] = HASHBYTES('MD5', [Password])

This will encode all the password to begin with.

Then, if you have a log in page calling a stored procedure to log the user in and the stored procedure has parameters @Username and @Password, use:

IF EXISTS (SELECT UserID FROM tUsers WHERE Username = @Username AND [Password] = HASHBYTES('MD5', @Password))
' username and password found
ELSE
' username and password not found

I have very recently had this discussion with a customer of mine, and he insisted on us using HASHBYTES for passwords.

I disagreed as this is no more secure than using plain text passwords. I wrote a little loop to query the database on different combinations of HASHBYTES data and I found a password randomly entered by a colleague - unseen to me.

 

[hex6007]

wow cool..thanks a lot simon.

now i understand more of this...

best