08-21-2012, 11:46 PM
(08-21-2012, 11:22 AM)radix Wrote: I've added this even though SQL documentation advises against using pwencrypt to hash passwords (bad admins will bad admin). Should be available in the next release of hashcat cpu.
Thank you very much for adding this to hashcat! I look forward to using the new version, and I hope to see it make it into the oclHashcat family in the future as well.
I would note that admins have no choice if they need to use something other than Windows Authentication. All SQL Server (SQL Authentication) usernames have the passwords stored in sys.syslogins, and all of those passwords are hashed by SQL Server using pwdencrypt. I was hoping for an RFC2898 implementation if they were upgrading at all, but it looks like Microsoft was happy just changing the hash algorithm.