You are correct if you are hashing a Password+Random_Seed value, but usually this is not the case.
The hashed value of the same string is ALWAYS THE SAME. That's why password hashes don't really help because of rainbow tables, which lists common passwords and their hashes. A prime example of an MD5 hash is "5F4DCC3B5AA765D61D8327DEB882CF99" which is the MD5 hash for "password" If you see this in a hash column, then that user's password is "password". This is always the MD5 hash of "password", unless you concatenate a seed value to it. That is why when you store a hash, you should also store what's called a SALT value, which essentially should be concatenated to the password when the hash is made. Here is a more thorough explanation: http://www.mail-archive.com/[email protected]/msg04775.html Going back to the Torrent Girl's question, this SQL code worked for me (it should output the second row, the row with 'password11'): CREATE TABLE #xTable ( ID INT IDENTITY(1,1) PRIMARY KEY, strPasswordII VARBINARY(MAX) ) INSERT INTO #xTable (strPasswordII) SELECT HASHBYTES('MD5',CONVERT(nvarchar,'password00')) INSERT INTO #xTable (strPasswordII) SELECT HASHBYTES('MD5',CONVERT(nvarchar,'password11')) INSERT INTO #xTable (strPasswordII) SELECT HASHBYTES('MD5',CONVERT(nvarchar,'password22')) SELECT * FROM #xTable WHERE strPasswordII = HASHBYTES('MD5',CONVERT(nvarchar,'password11')) DROP TABLE #xTable Bryan Stevenson wrote: > The hashed value of a string is ALWAYS different each time you hash it. > The system clock is often used as part of the seed for the hashed value. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/sql/message.cfm/messageid:3364 Subscription: http://www.houseoffusion.com/groups/sql/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/sql/unsubscribe.cfm
