问题
I have a SQL Server 2014 table filled with MD5 hashses generated by php using the php $hash = md5($password); command. Now that we are moving to a tighter security model, I would like to be able to within a Stored Procedure take a password and match it to the previously stored md5 hash.
Problem comes when the md5 hash returned by SQL is different than the one returned by php.
When I use
SELECT username,
[password],
master.sys.fn_varbintohexsubstring(0, HASHBYTES('MD5', CONVERT(VARCHAR(32), [password])), 1, 0) AS Test,
HASHBYTES('MD5', [password]) AS MD5
FROM myTable
WHERE username=@username
I get:
Password = 28d744960521b00fd7c4a9e7e7d4d3a3,
Test = 172b078903f8f16098fea3df31ee8989, and
MD5 = 0x172B078903F8F16098FEA3DF31EE8989
The MD5 expression is normal tsql and the Test expression I got online, but as you can see, neither of their results equal what I originally stored from php's md5() expression.
Any idea why these are different, and better yet, is there a way I can format the tsql command to give me a match on the stored php md5 value?
回答1:
My apologies! I was sending the value [password] to the sql hash sequence not the inputted variable @password! So I was receiving in Test and MD5 a hash of a hash, not the hash of the original password.
Interestingly enough, the fancy master.sys.fn_varbintohexsubstring(0, HASHBYTES('MD5', CONVERT(VARCHAR(32), [password])), 1, 0) is needed to remove the leading 0x to get the right match.
来源:https://stackoverflow.com/questions/35906413/how-can-i-get-a-sql-server-md5-hash-to-match-a-previous-php-md5-hash