The details of how SQL Server stores the hashes are not publicly documented and may change between version and or cumulative updates. SQL Server currently meets secure computing regulations and standards.
-Sean
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
We are using SQL Server 2012 to 2019. Are the passwords stored for the SQL Logins default as salted hashes using PBKDF2 password algorithm configured with a cost factor of at least 10,000 iterations (if not, what is the value?). Is the salt used by password hashing algorithm have the following attributes:
a) Generated using a cryptographically secure random number generator such as those described in the NIST SP 800-90Ar1, and ISO/IEC 19790:2012 standards
b) At least 64-bits long; and
c) Randomly generated for each system account.
The details of how SQL Server stores the hashes are not publicly documented and may change between version and or cumulative updates. SQL Server currently meets secure computing regulations and standards.
-Sean