Encrypt passwords

Can anyone tell me the best way to encrypt password in a
SQL Server 2000 database? We are using IIS 5.0 and MS
Interdev. Hopefully, we will be moving to .Net in the
next couple of months, but for now I still need to find a
way to encrypt passwords in the current application.See: Storing Database Connection Strings Securely
http://msdn.microsoft.com/library/d...-us/dnnetsec/ht
ml/SecNetch12.asp
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||take a look at www.xpcrypt.com|||"Michelle" <michelle.vanden@.eglin.af.mil> wrote in message
news:0b4b01c3c57a$ae8db3b0$a601280a@.phx.gbl...

quote:

---

> Can anyone tell me the best way to encrypt password in a
> SQL Server 2000 database? We are using IIS 5.0 and MS
> Interdev. Hopefully, we will be moving to .Net in the
> next couple of months, but for now I still need to find a
> way to encrypt passwords in the current application.

---

Assuming you would like to store the password in an encrypted format
(as opposed to transmitting the data securely over the wire)
I found the following article to be helpful:
http://www.sqlmag.com/Articles/Index.cfm?ArticleID=9809
I have used the method described successfully in a coldfusion application
using SQL Server 2000, and
the article is written for both 7.0 and 2000.
Benefit is, it's completely native to SQL, no 3rd party software to muck
about with.
xpcrypt does appear to be more robust from a security perspective (stronger
encryption algorithms, etc.)
but if all you want to do is not have plain text in the database,
pwdencrypt() should work fine.
Regards,
Jason