Security Basics mailing list archives

RE: SQL Storing Passwords?

From: Greg Merideth <gmerideth () uclnj com>
Date: Thu, 30 Aug 2012 13:07:20 +0000
If it ends in an "=" sign it's more than likely base64 encoded text.  It could have been encrypted before and then 
stored in base64 so it may be gibberish but try running it through a base64 decoder and see what you get.


.:.:.:.:.:.:.
Greg Merideth
President/Chief Problem Solver
United Computer Technologies
gmerideth () uclnj com
http://www.facebook.com/uclnj

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jim.jones12 () gmail com
Sent: Wednesday, August 29, 2012 4:49 PM
To: security-basics () securityfocus com
Subject: SQL Storing Passwords?

Hello,
I'm looking for so help, i've come across a user table within SQL 2008 that contains two columns "Pwd" & "Key" and 
concerned they may contain our users Active Directory credentials.  The Pwd column contains what appears to be a 40 
character hash (uppercase) and the Key column has a random 8 character key that ends in "=".  I've tried running the 
Pwd string through crackstation.net but to not avail.  The same user tables also contains a column for username and 
full name.  I guess with the recent Linkedin and Philips hack I may be a little over paranoid.

Could someone point me in the right direction on what I can to do validate this information?

Thanks,
Jim

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Current thread:

SQL Storing Passwords? jim . jones12 (Aug 30)
- RE: SQL Storing Passwords? Greg Merideth (Aug 30)