How does SQL Server store passwords

SAITAMA JASOMAYA 1 Reputation point
2021-05-28T07:40:45.463+00:00

Hi,
We are using SQL Server 2012 to 2019. Are the passwords stored for the SQL Logins default as salted hashes using PBKDF2 password algorithm configured with a cost factor of at least 10,000 iterations (if not, what is the value?). Is the salt used by password hashing algorithm have the following attributes:
a) Generated using a cryptographically secure random number generator such as those described in the NIST SP 800-90Ar1, and ISO/IEC 19790:2012 standards
b) At least 64-bits long; and
c) Randomly generated for each system account.

SQL Server Other
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Sean Gallardy - MSFT 1,901 Reputation points Microsoft Employee
    2021-05-29T17:21:54.717+00:00

    The details of how SQL Server stores the hashes are not publicly documented and may change between version and or cumulative updates. SQL Server currently meets secure computing regulations and standards.

    -Sean

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.