Security Basics mailing list archives

RE: SQL stored procedures encryption strength

From: "Kelley, Brian" <BKelley () AgFirst com>
Date: Fri, 12 Nov 2004 14:50:27 -0500

-----Original Message-----
From: Bénoni MARTIN

I was wondering how secure is the encryption used for stored 
procedures in SQL Server 2000. I mean, when I create a 
procedure like this:


Tools for cracking the encryption are readily available. There's a script by shoeboy that uses ALTER PROC to reveal the 
code and there's a tool by dOMNAR which can crack any of the encrypted objects without much trouble. dOMNAR's dSQLSRVD 
requires sa rights. shoeboy's script does not.

dSQLSRVD: http://www.geocities.com/d0mn4r/dSQLSRVD.html
shoeboy's script: http://seclists.org/lists/bugtraq/2001/Dec/0195.html

Current thread:

SQL stored procedures encryption strength Bénoni MARTIN (Nov 12)
- Re: SQL stored procedures encryption strength John Kennison (Nov 15)
- <Possible follow-ups>
- RE: SQL stored procedures encryption strength Kelley, Brian (Nov 15)
- RE: SQL stored procedures encryption strength Dante Mercurio (Nov 15)