best datatype to save password

Hi,

What is the best datatype to save a user's password in an encrypted format? Is there any ready datatype for that, or do I have to send the password encrypted to the database?

Thanks..





  • paveyard

    SHA256 would probably be stronger than most expect.
    http://msdn2.microsoft.com/en-us/library/system.security.cryptography.sha256.aspx

    Store it as varbinary(32)



  • Richard Michaels

    If you send it in clear text to the server and then check for it, anyone that has access to the connection between your application and server would be able to have a look at the password. The best practice would be to use a recognized one-way hashing algorithm and send only that over the connection.

    This way it will be up to your application to hash and match password and snooping on the line will be less interesting for hackers.



  • Eric Kiersky

    Does this mean SQL Server doesn't have a ready encrypted datatype?

    If yes, what would be the best way to encrypt if I am using C#?

    thanks.



  • Christian Liensberger - INACTIVE

    An SHA256 hash (or any hash, for that matter) of the password
    alone is completely insecure unless strong passwords or pass
    phrases are used. Although SHA256 is technically a "one-way"
    transformation, in reality, it is easy to decode if the plain
    text is just a word. All that's necessary is to search for
    the hashed password in a dictionary of the SHA256 hashes of
    the million most common words.
    
    SHA256 is a reasonable choice as a message digest to signal
    unauthorized changes to the message, but it is not intended
    or useful for encoding single words.
    
    Steve Kass
    Drew University
    
    Andreas Johansson@discussions.microsoft.com wrote:
    
    > SHA256 would probably be stronger than most expect.
    > http://msdn2.microsoft.com/en-us/library/system.security.cryptography.sha256.aspx
    > 
    > Store it as varbinary(32)
    > 
    > 
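
The dictionary lookup described in the reply above, shown from the storage side as an added C# example that is not part of the original thread: it compares a bare SHA-256 digest with a salted, iterated PBKDF2 hash, a mitigation the thread itself does not mention. The word list, the iteration count and the 16-byte salt are assumptions, and the code needs .NET 6 or later.

```csharp
// Added example, not code from the thread. Requires .NET 6 or later.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class PasswordStorageDemo
{
    const int Iterations = 600_000; // assumed work factor; tune for your hardware

    // What the thread proposes: a bare SHA-256 digest, stored as varbinary(32).
    static string BareSha256(string password) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(password)));

    // Salted, iterated form: store the salt (16 bytes) next to the 32-byte hash.
    static (byte[] Salt, byte[] Hash) Protect(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        return (salt, Derive(password, salt));
    }

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // Recompute with the stored salt and compare in constant time.
    static bool Verify(string attempt, byte[] salt, byte[] storedHash) =>
        CryptographicOperations.FixedTimeEquals(Derive(attempt, salt), storedHash);

    static void Main()
    {
        // Constructed sample data standing in for a list of common words.
        var precomputed = new HashSet<string>();
        foreach (string word in new[] { "password", "dragon", "sunshine" })
            precomputed.Add(BareSha256(word));

        // Two users pick the same weak password.
        string alice = BareSha256("sunshine"), bob = BareSha256("sunshine");
        Console.WriteLine("Bare rows identical:    " + (alice == bob));
        Console.WriteLine("Bare row in word table: " + precomputed.Contains(alice));

        var a = Protect("sunshine");
        var b = Protect("sunshine");
        string aHex = Convert.ToHexString(a.Hash), bHex = Convert.ToHexString(b.Hash);
        Console.WriteLine("Salted rows identical:  " + (aHex == bHex));
        Console.WriteLine("Salted in word table:   " + precomputed.Contains(aHex));
        Console.WriteLine("Correct password:       " + Verify("sunshine", a.Salt, a.Hash));
        Console.WriteLine("Wrong password:         " + Verify("dragon", a.Salt, a.Hash));
    }
}
```

With the bare digest, both rows are byte-for-byte equal and match the precomputed entry; with a per-user salt, the two rows differ and the precomputed table no longer applies.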
    


  • Baumbart

    Can do nothing but agree; it is important to use strong passwords.

    http://en.wikipedia.org/wiki/Password_strength


