Dave Litchfield at Next Generation Security Software has released an interesting whitepaper, Microsoft SQL Server Passwords: Cracking the password hashes. It analyzes the pwdencrypt() function, which produces a hash of users’ passwords for storage in the system database. The problem is that the salt used to generate the hash is insecurely time dependent, and based on an all-uppercase version of the password. This makes dictionary attacks quite easy, and the paper includes a simple C program to do just that. No response from Microsoft yet.