Skip to main content

To N or Not To N, That is The Question?

In Microsoft SQL Server you can hash using T-SQL[1]:

declare @hash varchar(200)
set @hash = '15174141714252'
print hashbytes('MD5', @hash)

This is a nifty feature, of course, because you can now send your passwords over the unsecured SQL connection and do your hashing on the server. Secure your connection [2], please, before doing this.

Note the use of varchar(200) in the code block. The Microsoft sample shows the use of nVarChar. Does it matter what we use? Turns out, yes. The code block above returns:

0x5B17965D4E33B04FD8848E536165D013

That is also the same hash produced using System.Encoding.GetBytes(blah) and the .NET MD5 digest provider.

If you opt to use nVarChar:

declare @hash nvarchar(200)
set @hash = convert(nvarchar(200), '15174141714252')
print hashbytes('MD5', @hash)
You will get something different:

0xBA48394E1385A2C633AB7F8339231B56
nVarChar and nChar use Unicode encoding [3] to process the string bytes. The default encoding on your system may not be Unicode, so you have to be especially careful. If you used nvarchar in your update command, but varchar in your stored procedure that took the password in plain text, you would likely produce a bunch of hashes that will not match.

[1] https://msdn.microsoft.com/en-us/library/ms174415.aspx
[2] https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
[3] https://msdn.microsoft.com/en-us/library/ms186939.aspx

Popular posts from this blog

The Spinning Brain

Intuition is a phenomenon of the biological brain that doesn't have any physical explanation. Many people experience intuition with varying degrees of success. There are a variety of theories regarding intuition [1] and some people regard intuition with much caution [2] . Yet, I am happily in the camp that has learned to respect my intuition as it has proven time and time again to be correct. Recently, though, I'd been thinking about intuition and soothsaying . There are many cases of people who claim to see the future, whatever that might be. Maybe there is something to be said about this mystical phenomenon. Maybe there is a real physical process at work that we just haven't thought of yet. To this end, I am proposing a theory about human intuition. This theory, though requires some background in quantum mechanics . Specifically, quantum entanglement . I'm not the only person who has theorized about quantum entanglement and its role in biological congnition and th...
Read more

AI or AI, Which Is It?

Artificial Intelligence, a noun that has become a household term. Most refer to it as AI, which is less of a mouthful. Where and when did this term become real? [1] Apparently John McCarthy coined this phrase in 1956 at a conference.  Vannevar Bush and Alan Turing both mused about computers being intelligence and being able to enhance human intelligence or even simulate human-like thinking. Is this thinking really "artificial" though? To suggest it being artificial would imply that there is a non-artificial type of intelligence. Otherwise, there is just intelligence, or thinking, or cognition.  The famous Turing Test may be the source of this "artificial" notion. If there is an intelligent series of responses to a human interaction, and those responses are created using a computer program, then that is considered artificial.  On a philosophical note, though, the programs are written by humans. Those programs, using rules given by humans, are creating responses that ...
Read more

HP Web Site Failure

The HP site for buying stuff on their Labor Day Sale is broken. I tried it on other computers and each had the same result. Not sure if HP was able to sell anything on their big sale weekend, but I couldn't buy anything. Funny part was the feedback widget that didn't work. Not only could I not buy anything from HP but I couldn't report the problem I was having. Maybe someone at HP could run this through QA again.
Read more