08-17-2012, 11:45 PM
Please include the SQL 2012 password hash; it's identical to 2005, except
0x0200 as an ID instead of 0x0100
SHA-512 instead of SHA1
i.e. a sanitized test version run on SQL Server itself shows the same "convert to Unicode, convert that to binary, append the salt to the end, then hash it once and only once and prepend the identifier" algorithm.
-- SQL Server 2012
select pwdencrypt('password')
-- 0x0200^^^^^^^^********************************************************************************************************************************
--       salt    hash
select HASHBYTES('SHA2_512', CONVERT(VARBINARY,N'password') + CAST(0x^^^^^^^^ AS VARBINARY(32)))
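
Added example, not part of the original post: a Python sketch of the layout described above (2-byte identifier, 4-byte salt, digest of the UTF-16LE password plus salt), useful for checking a stored hash against a known password during an audit. It also accepts the 0x0100/SHA-1 form the post compares against; the function names and the sample salt are assumptions made for illustration.

```python
import hashlib
import hmac

# Identifier -> (hash constructor, digest length), per the post:
# 0x0100 = SHA-1 (SQL 2005), 0x0200 = SHA-512 (SQL 2012).
ALGOS = {b"\x01\x00": (hashlib.sha1, 20), b"\x02\x00": (hashlib.sha512, 64)}
SALT_LEN = 4  # the eight ^ characters in the post are 4 salt bytes


def parse_hash(hex_value):
    """Split '0x<id><salt><digest>' into (header, salt, digest) bytes."""
    text = hex_value.strip()
    if text[:2].lower() != "0x":
        raise ValueError("expected a 0x-prefixed hex string")
    raw = bytes.fromhex(text[2:])
    header, salt, digest = raw[:2], raw[2:2 + SALT_LEN], raw[2 + SALT_LEN:]
    if header not in ALGOS:
        raise ValueError("unknown identifier 0x" + header.hex())
    if len(salt) != SALT_LEN or len(digest) != ALGOS[header][1]:
        raise ValueError("length does not match identifier")
    return header, salt, digest


def compute_hash(password, salt, header=b"\x02\x00"):
    """UTF-16LE password + salt, hashed once, identifier and salt prepended."""
    algo, _ = ALGOS[header]
    # N'password' in T-SQL is UTF-16LE, hence the encoding here.
    digest = algo(password.encode("utf-16-le") + salt).digest()
    return "0x" + (header + salt + digest).hex().upper()


def verify(password, stored_hex):
    """Recompute with the stored salt and compare in constant time."""
    header, salt, digest = parse_hash(stored_hex)
    candidate = parse_hash(compute_hash(password, salt, header))[2]
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    salt = bytes.fromhex("DEADBEEF")  # constructed salt, not from a real server
    stored = compute_hash("password", salt)
    print(stored[:14] + "...", len(stored), "characters")
    print(verify("password", stored), verify("Password", stored))
```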