Yes, you are correct; they are case-insensitive by
default. You can make them case sensitive by setting your
collation order on installation to be case-sensitive but I
believe the password hashes are still stored in an upper
case and a mixed-case form. Take a look at this paper
written by my colleague David Litchfield for more
>I have noticed to my surprise, that passwords in MS-SQL
using SQL Server
>authentication is case-insenstitive!!! Can somebody
explain this to me?
>Junior System Engineer
>Ericpol Telecom sp. z o.o.
>Targowa 9A, 90-042 Lodz, Poland
>tel: +48 42 6315520
>fax: +48 42 6315555