I'm storing hashed passwords, and when you rehash the same value, you should get the same string. That's how you can check the validity of the password. UUID changes over time, hash does not as long as you are using the same algorithm.
I've noticed occasional quirkyness storing these values, however, so if someone has some insight... -----Original Message----- From: Bryan Stevenson [mailto:[email protected]] Sent: Wednesday, July 21, 2010 2:27 PM To: sql Subject: Re: Hashed value in DB not matching hashed value of user login The hashed value of a string is ALWAYS different each time you hash it. The system clock is often used as part of the seed for the hashed value. In other words....one-way. What you want is encryption/decryption. I've often used the cf_crypt custom tag (adjusted to use AES instead of the default CF uses). HTH Cheers On Wed, 2010-07-21 at 14:03 -0400, Torrent Girl wrote: > Hello > > I have converted user passwords to a hash value using SQL hashbytes. > > When I go to test the login, the value of both the hashed value in the > database and the hashed user input value do not match. > > I am using a stored proc on the login and here is the SQL: > > SELECT @intMemberID=ISNULL((SELECT intMemberID FROM tblMembers WHERE > strusername...@strusername AND strPasswordII= > HashBytes('MD5',Convert(nvarchar,'@strPassword'))),0) > > The column in a varbinary(max) column. > > Any help would be greatly appreciated. > > Thanks > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/sql/message.cfm/messageid:3363 Subscription: http://www.houseoffusion.com/groups/sql/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/sql/unsubscribe.cfm
