Generating a hash code value

[mike55]

Hi

 

I use the command .GetHashCode() to generate a hash value for my users passwords, which is then compared against a hash code stored in a database when logging my users in. I have a forgot password option, which allows the user to submit their username and their email address, which then generates a new password and emails the value to the user. The procedure also updates the database with the new password. I need to get a hash code value of the new password in sql server as I do not want to return the new password to my vb.net app and hash the password and call a new database procedure.

 

Therefore, does sql server 2005 have some sort of hash function? Or is there an alternative means of generating a new password for my user?

 

Mike55.

[PlausiblyDamp]

.GetHashCode() doesn't perform a hash of the value - you need to use one of the classes under System.Security.Cryptography instead.

 

Why do you not get the vb app to generate the new password, hash it and then send that hash to SQL rather than requiring SQL to perform the hash?

[mike55]

Yea, I think that that is the most effective way to proceed.

 

Thanks PlausiblyDamp.

 

Mike55.

[snarfblam]

Either way, a standard hashing algorithm would be best, such as MD5. If you have to do hashing on both ends you know the result will be the same in both places.