SQL Server password case-sensitivity

Post by Jakub Jablonsk » Tue, 10 Sep 2002 17:29:21



Hello,
I have noticed, to my surprise, that passwords in MS-SQL using SQL Server
authentication are case-insensitive!!! Can somebody explain this to me?

Regards,
Jakub Jablonski

--
_____________________________________________
Jakub Jablonski
Junior System Engineer
Ericpol Telecom sp. z o.o.
Targowa 9A, 90-042 Lodz, Poland

mobile:
tel: +48 42 6315520
fax: +48 42 6315555
http://www.ericpol.pl/
_____________________________________________

 
 
 

Post by Chris Anle » Tue, 10 Sep 2002 20:29:04


Hi Jakub,

Yes, you are correct; they are case-insensitive by
default. You can make them case sensitive by setting your
collation order on installation to be case-sensitive but I
believe the password hashes are still stored in an upper
case and a mixed-case form. Take a look at this paper
written by my colleague David Litchfield for more
information:

http://www.nextgenss.com/papers/cracking-sql-passwords.pdf

Cheers,
Chris Anley
NGSSoftware

>-----Original Message-----
>Hello,
>I have noticed, to my surprise, that passwords in MS-SQL using SQL Server
>authentication are case-insensitive!!! Can somebody explain this to me?

>Regards,
>Jakub Jablonski

>--
>_____________________________________________
>Jakub Jablonski
>Junior System Engineer
>Ericpol Telecom sp. z o.o.
>Targowa 9A, 90-042 Lodz, Poland

>mobile:
>tel: +48 42 6315520
>fax: +48 42 6315555
>http://www.ericpol.pl/
>_____________________________________________

>.
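
Added example, not part of either post and not code from the paper linked above: a small Python audit helper showing what storing both a mixed-case and an upper-case digest means for a password's strength. The record layout (2-byte header, 4-byte salt, two SHA-1 digests over the UTF-16LE password plus salt) is an assumption taken from public descriptions of the SQL Server 2000 format; all function names and the sample password and salt are constructed for illustration.

```python
import hashlib
import hmac

# Assumed layout (not stated in the thread): 2-byte header, 4-byte salt,
# SHA-1 of the password as typed, SHA-1 of the upper-cased password.
HEADER = b"\x01\x00"
RECORD_LEN = 2 + 4 + 20 + 20


def _digest(text: str, salt: bytes) -> bytes:
    return hashlib.sha1(text.encode("utf-16-le") + salt).digest()


def make_record(password: str, salt: bytes) -> bytes:
    """Build a constructed sample record in the assumed layout."""
    return HEADER + salt + _digest(password, salt) + _digest(password.upper(), salt)


def parse_record(blob: bytes) -> dict:
    """Split a record into its fields; reject anything that is not this layout."""
    if len(blob) != RECORD_LEN or blob[:2] != HEADER:
        raise ValueError("not a two-digest password record")
    return {"salt": blob[2:6], "mixed": blob[6:26], "upper": blob[26:46]}


def matches(blob: bytes, candidate: str, case_sensitive: bool) -> bool:
    """Check a candidate against the mixed-case or the upper-case digest."""
    rec = parse_record(blob)
    text = candidate if case_sensitive else candidate.upper()
    stored = rec["mixed"] if case_sensitive else rec["upper"]
    return hmac.compare_digest(_digest(text, rec["salt"]), stored)


def collapsed_variants(password: str) -> int:
    """Number of case spellings that share one upper-case digest."""
    return 2 ** sum(1 for ch in password if ch.upper() != ch.lower())


if __name__ == "__main__":
    record = make_record("Secr3t!Pass", bytes.fromhex("11223344"))  # constructed
    for attempt in ("Secr3t!Pass", "secr3t!pass", "SECR3T!PASS"):
        print(attempt, matches(record, attempt, True), matches(record, attempt, False))
    print("spellings accepted by the upper-case digest:", collapsed_variants("Secr3t!Pass"))
```

Any record that parses in this layout carries the upper-case digest, so letter case adds nothing to the effective strength of that login's password even when the collation is case-sensitive; length and non-letter characters are what count.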


 
 
 
