SQL Server: How to retrieve actual value of password encrypted using HASHBYTES

sql-server sql-server-2008 passwords sha1 hashbytes
radha singh picture radha singh · Feb 16, 2016 · Viewed 7.6k times · Source

enter image description here 

insert into Customer(AccountNo,Name,EmailId,MobileNo,[Password],Balance,
                     CustomerKey,OTPPin,CreatedBy,CreatedOn)
values(@AccountNumber,@Name,@EmailId,
       EncryptByPassPhrase(@PassPhrase, CONVERT(nvarchar,@MobileNo)),
       HASHBYTES('SHA1',@Password),@TotalBalance,@CustomerKey,@OTPPin,0,GETDATE())

I am getting inserted value in this formenter image description here

Now I want the password's actual value. How can I get it?

Answer

Andrey Korneyev picture Andrey Korneyev · Feb 16, 2016

Since you've used HASHBYTES('SHA1' on your password - you can't straightforward get back its original value.

SHA1 is one-way hash function.

In fact, you don't need that original value in most cases. Typical usage of hased passwords is not to somehow get original value from hash and compare it with password entered by user, but instead apply hash function to the password entered by user and then compare two hash values.

Related questions

How can I get column names from a table in SQL Server?

I want to query the name of all columns of a table. I found how to do this in: Oracle MySQL PostgreSQL But I also need to know: how can this be done in Microsoft SQL Server (2008 in my case)?

Read More
How to Delete using INNER JOIN with SQL Server?

I want to delete using INNER JOIN in SQL Server 2008. But I get this error: Msg 156, Level 15, State 1, Line 15 Incorrect syntax near the keyword 'INNER'. My code: DELETE FROM WorkRecord2 INNER JOIN Employee ON EmployeeRun=EmployeeNo WHERE Company = '1' …

Read More
How to check if a column exists in a SQL Server table?

I need to add a specific column if it does not exist. I have something like the following, but it always returns false: IF EXISTS(SELECT * FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'myTableName' AND COLUMN_NAME = 'myColumnName') How can …

Read More