http://blogs.msdn.com/lcris/archive/2007/04/30/sql-server-2005-about-login-password-hashes.aspxThere seem to be a couple of misconceptions around the SQL Server handling of login passwords. Hopefully, by the end of this post, you will have a much clearer idea about what is going on under the covers. Note that this refers to the passwords of loginsen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/lcris/archive/2007/04/30/sql-server-2005-about-login-password-hashes.aspx#8408557Fri, 18 Apr 2008 20:48:38 GMT91d46819-8472-40ad-a661-2c78acb4018c:8408557lcris<p>Re: <a rel="nofollow" target="_new" href="http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3195675&amp;SiteID=1">http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=3195675&amp;SiteID=1</a></p> <p>The Snefru password hashes were simple blobs without any structure - the only integrity check possible on them is a length check (16 bytes). MD5 hashes happen to produce blobs of the same size that Snefru produced, so they can be passed as arguments to CREATE LOGIN, but this does not mean you will be able to login into those accounts using the passwords from which the MD5 hashes were obtained.</p>