MySQL on Windows: Using SHA-2

Question

I need to store sensitive data (usernames and passwords) and wanted to do things the right way (storing SHA-256 hashes of (password).(large random number) instead of cleartext passwords. This needs to be done using MySQL and, as far as i know, only MySQL 6 plans to incorporate SHA-2, hence i assume some kind of external application needs to be setup; I would like to make a stored procedure that would calculate the hash of the password (concatenated with the nonce) and store it.

In your opinion, what would be the best way to implement this? I've read a few post here on Stackoverflow and i'm currently heading towards Perl.

Cheers, Hal

PS: OS -> Windows Server 2008

EDIT: damn editor, won't show the correct text. Fixed.

EDIT2: I am not trying to make my own version of SHA2, although it would certainly be fun; i need to use it on a stored procedure in order to hash the original password and I'm just not sure what external module/application/library I should use.

Answer 1

Your language of choice more than likely provides an implementation of SHA-256. Do not write your own implementation. That is just asking for trouble.

If you posted what your programming language is, I'm sure people would be more than happy to post back with links to documentation for that language.

PS: If you don't have a language in mind already, here's a PHP script I wrote a while back:

Ok, so apparently I lost it. But here is a simpler version:

<?php echo hash("sha256", file_get_contents("php://input"))."\n" ?>

And then you can call it like:

php hash.php

Then type in your information and close inpute (ctrl-x? on Windows)

Answer 2

MySQL 5.5 supports SHA2. http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_sha2