The hashed value of a string is ALWAYS different each time you hash it.
The system clock is often used as part of the seed for the hashed value.
In other words....one-way.
What you want is encryption/decryption.
I've often used the cf_crypt custom tag (adjusted to use AES instead of
the default CF uses).
HTH
Cheers
On Wed, 2010-07-21 at 14:03 -0400, Torrent Girl wrote:
> Hello
>
> I have converted user passwords to a hash value using SQL hashbytes.
>
> When I go to test the login, the value of both the hashed value in the
> database and the hashed user input value do not match.
>
> I am using a stored proc on the login and here is the SQL:
>
> SELECT @intMemberID=ISNULL((SELECT intMemberID FROM tblMembers WHERE
> strusername...@strusername AND strPasswordII=
> HashBytes('MD5',Convert(nvarchar,'@strPassword'))),0)
>
> The column in a varbinary(max) column.
>
> Any help would be greatly appreciated.
>
> Thanks
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/sql/message.cfm/messageid:3361
Subscription: http://www.houseoffusion.com/groups/sql/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/sql/unsubscribe.cfm
