It is widely known that SQL Server uses an undocumented function, pwdencrypt(), to produce a hash of the user’s password, which is stored in the sysxlogins table of the master database. However, the details of the pwdencrypt() function have not been discussed.
This paper covers the pwdencrypt() function in detail and demonstrates some weaknesses in the way SQL Server stores the password hash.