Cryptographic hash algorithms such as SHA-1, and DSA (which uses SHA-1), are no longer considered secure, because it is too easy to create hash collisions with them: little computational effort is enough to find two or more different inputs that produce the same hash.
Ask Yourself Whether
The hashed value is used in a security context such as:
- User-password storage.
- Security-token generation (tokens used to confirm an e-mail address when registering on a website, to reset a password, etc.).
- Message-integrity checks.
There is a risk if you answered yes to any of these questions.
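Before answering those questions, it helps to know where weak hashes are actually computed inside the database. The following T-SQL query is an added example (not part of the rule description): it scans the definitions of stored procedures, functions, triggers and views in the current database for HASHBYTES calls that name a weak algorithm, so each hit can be reviewed against the contexts listed above. The algorithm names are the ones HASHBYTES accepts in SQL Server; the object names returned depend on the database the query is run in.

```sql
-- Added example: audit stored module definitions for HASHBYTES calls
-- that use a weak algorithm (MD2, MD4, MD5, SHA and SHA1).
-- The '%' between HASHBYTES and '(' tolerates whitespace; LIKE is
-- case-insensitive under the usual default collations.
SELECT
    OBJECT_SCHEMA_NAME(m.object_id) AS schema_name,
    OBJECT_NAME(m.object_id)        AS object_name,
    o.type_desc                     AS object_type,
    CASE
        WHEN m.definition LIKE '%HASHBYTES%(%''MD2''%'  THEN 'MD2'
        WHEN m.definition LIKE '%HASHBYTES%(%''MD4''%'  THEN 'MD4'
        WHEN m.definition LIKE '%HASHBYTES%(%''MD5''%'  THEN 'MD5'
        WHEN m.definition LIKE '%HASHBYTES%(%''SHA''%'  THEN 'SHA (SHA-1)'
        WHEN m.definition LIKE '%HASHBYTES%(%''SHA1''%' THEN 'SHA1'
    END                             AS weak_algorithm
FROM sys.sql_modules AS m
JOIN sys.objects     AS o ON o.object_id = m.object_id
WHERE m.definition LIKE '%HASHBYTES%(%''MD2''%'
   OR m.definition LIKE '%HASHBYTES%(%''MD4''%'
   OR m.definition LIKE '%HASHBYTES%(%''MD5''%'
   OR m.definition LIKE '%HASHBYTES%(%''SHA''%'
   OR m.definition LIKE '%HASHBYTES%(%''SHA1''%'
ORDER BY schema_name, object_name;
```

The CASE expression reports only the first weak algorithm it finds in a module, so a module that uses several will need a manual look; the query is a starting point for review, not a complete scanner (ad-hoc queries issued by applications are not visible in sys.sql_modules).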
Recommended Secure Coding Practices
Safer alternatives, such as bcrypt, are recommended. For password hashing it is even better to use algorithms that are deliberately slow to compute, like bcrypt instead of SHA-256, because the extra cost slows down brute-force and dictionary-based attacks.
Sensitive Code Example
SELECT HASHBYTES('SHA1', MyColumn) FROM dbo.MyTable;     -- Sensitive: SHA-1 is collision-prone
SELECT HASHBYTES('SHA2_256', MyColumn) FROM dbo.MyTable; -- Compliant for integrity checks (SHA-256); for passwords, prefer a slow algorithm such as bcrypt
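The compliant form above computes a digest but does not show how it is used. The following T-SQL is an added example, not part of the rule description, of the message-integrity use case from the "Ask Yourself Whether" list: a SHA-256 digest is stored next to the data when a row is written and recomputed when the row is read back. The table, column names and sample row are constructed for the example.

```sql
-- Added example: message-integrity check with SHA2_256 instead of SHA1.
-- Table and data are constructed for this example.
CREATE TABLE dbo.Message (
    MessageId  INT IDENTITY PRIMARY KEY,
    Body       NVARCHAR(MAX) NOT NULL,
    BodyDigest VARBINARY(32) NOT NULL   -- SHA-256 produces a 32-byte digest
);

-- Store the digest alongside the body at write time.
INSERT INTO dbo.Message (Body, BodyDigest)
SELECT N'order 1234 shipped',
       HASHBYTES('SHA2_256', N'order 1234 shipped');

-- Later: recompute the digest and compare it with the stored one.
SELECT MessageId,
       CASE WHEN HASHBYTES('SHA2_256', Body) = BodyDigest
            THEN 'intact'
            ELSE 'MODIFIED'
       END AS integrity
FROM dbo.Message;
```

Two caveats follow from the recommendations above. A bare digest only detects accidental or unprivileged modification: anyone who can rewrite Body can also rewrite BodyDigest, so tamper-evidence against an attacker with write access needs a keyed construction (an HMAC or a signature) whose key is not stored in the same table. And HASHBYTES offers no bcrypt-style slow algorithm, so password hashing should be done in the application layer with bcrypt (or a similar deliberately slow algorithm) rather than with HASHBYTES('SHA2_256', ...).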