Last year I wrote about SQL Server 2025’s new PBKDF2 hashing algorithm: what that means from a security perspective, as well as how it impacts online cracking.
And even how to enable it in SQL Server 2022.
Vlad created a module that cracks SQL Server 2025 passwords offline (versus actually connecting to the SQL Server instance itself and extrapolates it to online cracking (connecting to the SQL Server instance and trying different passwords). Vlad has some really good news on the whole and this post serves to explain why Microsoft introduced PBKDF2 as part of the hashing algorithm for SQL Server 2025.