Compile Error: Overflow

Moore71

Hi,
I am having a problem with my code. This code, which has been working for me before now, has just started to throw the error
Compile Error: Overflow for the following VBA.


Global g_Enabled As Boolean

Public Const salt As Long = 7038117603#

Public Function Encrypt(strIn As String) As String
Dim strChr As String
Dim i As Integer

For i = 1 To Len(strIn)
strChr = strChr & CStr(Asc(Mid(strIn, i, 1)) Xor salt)
Next i
Encrypt = strChr

End Function

Please can someone check and see what I did wrong that is throwing the exception?
Thanks
 

isladogs

7038117603 is bigger than the long integer limit of 2147483647.
Change to Single or Decimal.
Also you have a # at the end.
 

jdraw

It appears that you have exceeded the capacity of a Long datatype.

From M$oft.
Long Integer — Use for integers that range from -2,147,483,648 to 2,147,483,647

I tested your routine after dropping 1 digit and it worked fine.

Update: I guess I should have looked to see if there were responses before posting.
Geez --Isladogs is quick.
 

isladogs

Update: I guess I should have looked to see if there were responses before posting.
Geez --Isladogs is quick.

Guess I'm quicker on the draw than jdraw .... at least on this occasion :D
 

The_Doc_Man

With the explicit type specification of LONG, you require that the constant must be in the range of a LONG integer. As has been ably pointed out by my colleagues, the compiler error is because your constant won't FIT in a LONG integer.

Using the XOR method (as good an operator in this context as any other), you limit yourself to INTEGER math which means data types of BYTE, WORD, LONG, or INTEGER. If you had succeeded in making the number have some other format that was like a floating-point number, a conversion would have been forced on the result and there is no telling what you would have gotten. The odds are, though, that it wouldn't have been quite what you expected. And this encryption, because of that automatic type conversion (VBA trying to "make it fit"), would not be reversible. In security parlance, you would have created a non-Hermetian transformation.

But consider this: Your MID(string, position, 1) function extracts one byte (8 bits) at a time. Therefore, a long SALT constant might be of questionable utility anyway. XOR doesn't allow you to have overflows. Each bit is independent. Your ASC(MID()) sequence will return an 8-bit integer stored in a LONG variable because the biggest element in the expression is your LONG constant. Everything else is either part of a string or is a VARIANT returned from a function. So you will have three bytes of 0 and the result of the ASC(MID()) operation, in effect 8 bits long.

Your SALT string of 7038117603, in hex, is &H01A38126E3 (40 bits long). But the bitwise nature of what you are doing means your EFFECTIVE SALT string is just &H0E3 (just 8 bits long) and this might not be the best approach for an effective encryption. Oh, it would be reversible - but not that hard to crack.

You might wish to search this forum for articles on encryption, which might point the way to some better methods that would be harder to crack.
 

isladogs

Having just tested your encrypt code, it really isn't at all secure.
I removed the final digit from the constant => Public Const salt As Long = 703811760

Then typed ?Encrypt("test") in the Immediate Window
Result: 703811780703811797703811779703811780
Breaking that down into 4 groups (1 for each letter): 703811780 703811797 703811779 703811780

Or 80 97 79 80 which really isn't going to deter anyone for long!

I use the RC4 function, which is freely available and is very difficult to crack without knowing the encryption cipher.

Code:
'####################################################
'# RC4 encryption function
'# Author: Andreas Jönsson http://www.freevbcode.com/ShowCode.asp?ID=4398
'# RC4 is a stream cipher designed by Rivest for RSA Security.
'#
'####################################################

Public Function RC4(ByVal Expression As String, ByVal Password As String) As String
    Dim rb(0 To 255) As Integer, x As Long, Y As Long, z As Long, Key() As Byte, ByteArray() As Byte, temp As Byte
    
    ' Nothing to do without a key or without data
    If Len(Password) = 0 Then
        Exit Function
    End If
    If Len(Expression) = 0 Then
        Exit Function
    End If
    
    ' RC4 uses at most 256 key bytes
    If Len(Password) > 256 Then
        Key() = StrConv(Left$(Password, 256), vbFromUnicode)
    Else
        Key() = StrConv(Password, vbFromUnicode)
    End If
    
    ' Key scheduling: start from the identity permutation ...
    For x = 0 To 255
        rb(x) = x
    Next x
    
    ' ... and shuffle it under control of the key bytes
    x = 0
    Y = 0
    z = 0
    For x = 0 To 255
        Y = (Y + rb(x) + Key(x Mod Len(Password))) Mod 256
        temp = rb(x)
        rb(x) = rb(Y)
        rb(Y) = temp
    Next x
    
    ' Keystream generation: XOR one keystream byte into each data byte
    x = 0
    Y = 0
    z = 0
    ByteArray() = StrConv(Expression, vbFromUnicode)
    ' Stop at the last valid index of the zero-based byte array
    For x = 0 To UBound(ByteArray)
        Y = (Y + 1) Mod 256
        z = (z + rb(Y)) Mod 256
        temp = rb(Y)
        rb(Y) = rb(z)
        rb(z) = temp
        ByteArray(x) = ByteArray(x) Xor (rb((rb(Y) + rb(z)) Mod 256))
    Next x
    
    ' The same call decrypts, because XOR with the same keystream undoes itself
    RC4 = StrConv(ByteArray, vbUnicode)
    
End Function
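
The two observations above (The_Doc_Man's point that only the low 8 bits of the constant take part, and the Immediate Window result isladogs reports) can be checked together. This is an added example, not code from any poster in the thread; XorEncode, EffectiveKey, DemoEffectiveKey and the second salt value are constructed for illustration.

```vba
' Added example, not part of the original posts.

' The thread's Encrypt with the salt passed in (it must fit in a Long).
Public Function XorEncode(ByVal strIn As String, ByVal salt As Long) As String
    Dim i As Long
    For i = 1 To Len(strIn)
        XorEncode = XorEncode & CStr(Asc(Mid$(strIn, i, 1)) Xor salt)
    Next i
End Function

' Asc() returns 0-255, so Xor can only change the low 8 bits of the salt.
Public Function EffectiveKey(ByVal salt As Long) As Long
    EffectiveKey = salt And &HFF&
End Function

Public Sub DemoEffectiveKey()
    Const SALT_A As Long = 703811760        ' value tested in the thread
    Dim saltB As Long, i As Long, c As Long

    ' Constructed second salt: same low byte, different upper 24 bits
    saltB = (SALT_A And &HFF&) Or &H12345600

    ' Reproduces the Immediate Window result quoted in the thread
    Debug.Assert XorEncode("test", SALT_A) = "703811780703811797703811779703811780"
    Debug.Assert EffectiveKey(SALT_A) = &HB0

    ' Low byte of the original 7038117603 (too big for a Long, so use Double)
    Debug.Assert 7038117603# - Fix(7038117603# / 256#) * 256# = &HE3

    For i = 1 To Len("test")
        c = Asc(Mid$("test", i, 1))
        ' Upper 24 bits of every output number are the salt's own upper bits
        Debug.Assert ((c Xor SALT_A) And &HFFFFFF00) = (SALT_A And &HFFFFFF00)
        ' Both salts transform the character byte identically
        Debug.Assert ((c Xor SALT_A) And &HFF&) = ((c Xor saltB) And &HFF&)
    Next i

    Debug.Print "Effective key byte: &H" & Hex$(EffectiveKey(SALT_A))
End Sub
```

Run DemoEffectiveKey from the Immediate Window; every assertion holds, so widening the constant adds digits to the output without adding key material.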
 

Moore71

Okay, thanks. It now works with my changing Long to Single.
Thanks a million
 

isladogs

You're welcome but I really don't see the point of using such weak encoding.
It's not appropriate to call it encryption.

Suggest you at least try using RC4 or other 'proper' encryption code.
 

Moore71

Sorry to trouble you again. Please, how do I call up this routine in any form, or use it to convert any text to encrypted format?
 

Frothingslosh

Depending on how secure you need this to be, you should be aware that even RC4 is considered unacceptably insecure today. In fact, its use is actually prohibited now in TLS, as the encryption key can actually be reconstructed from encrypted text.
 

isladogs

Frothy is perfectly correct that RC4 is not considered strong enough for publicly encrypted data. The RC4 encryption algorithm has been available for over 20 years and inevitably some vulnerabilities have been discovered over the years. See https://en.wikipedia.org/wiki/RC4#cite_note-rfc7465-3

Nevertheless, for your purposes, it's highly likely that it will be more than adequate.
Compared to what you were using, it's very secure indeed.
It's way beyond my skill level to crack the encrypted values without knowing the cipher used.

The stronger you make your encryption cipher and the more complex the text string, the better the results.
For obvious reasons, do not store the cipher in the database itself!

To use this, first place the RC4 code in a standard module.
OPTIONAL: add the following functions which are useful to test the outcomes

Code:
'##############################################
'## Function used for test only. . . .
'##############################################
Public Function TestRC4(Original As String, Password As String)
'
Dim Encrypted As String
Dim Decrypted As String

Debug.Print "Pwd: " & Password
Debug.Print "Org: " & Original

Encrypted = RC4(Original, Password)
Debug.Print "Enc: " & Encrypted
'
Decrypted = RC4(Encrypted, Password)
Debug.Print "Dec: " & Decrypted
Debug.Print ""
'
End Function

Sub RunRC4Test()

'Test the RC4 function on a text string with one or more passwords
'For example
   TestRC4 "Moore71Developer", "isladogs"
   TestRC4 "Moore71Developer", "ridders"
   TestRC4 "Moore71Developer", "Moore71"
   TestRC4 "Moore71Developer", "AccessWorldForums"
  
End Sub

Here are the results encrypting 'Moore71Developer' with 4 different passwords

Code:
Pwd: isladogs
Org: Moore71Developer
Enc: îÈb)ü¢˜J{t–j
Dec: Moore71Developer

Pwd: ridders
Org: Moore71Developer
Enc: ÄÞÿJæ]Pçg›,
Dec: Moore71Developer

Pwd: Moore71
Org: Moore71Developer
Enc: ^vöÓăU`HûýVüâ
Dec: Moore71Developer

Pwd: AccessWorldForums
Org: Moore71Developer
Enc: oÀOây‡•‰»”ò.Á3
Dec: Moore71Developer

The attached database contains the modEncryption module, a test table and 2 test queries

Any questions, get back to me
 

Attachments

  • EncryptionExample.zip
    25.4 KB
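
One way to call RC4 for a value that has to be stored and later shown again, as asked earlier in the thread. This is an added example, not part of the original posts or the attached database; it assumes the RC4 function posted above is in a standard module of the same project, and StrToHex, HexToStr, EncryptField and DecryptField are hypothetical helper names. The hex step is there because RC4 returns arbitrary byte values, as the Enc lines above show.

```vba
' Added example, not part of the original posts.
' Assumes the RC4 function from this thread is in the same project.

' Hypothetical helper: each byte of the string as two hex digits.
Public Function StrToHex(ByVal s As String) As String
    Dim b() As Byte, i As Long
    If Len(s) = 0 Then Exit Function
    b = StrConv(s, vbFromUnicode)
    For i = LBound(b) To UBound(b)
        StrToHex = StrToHex & Right$("0" & Hex$(b(i)), 2)
    Next i
End Function

' Hypothetical helper: inverse of StrToHex.
Public Function HexToStr(ByVal h As String) As String
    Dim b() As Byte, i As Long
    If Len(h) = 0 Or Len(h) Mod 2 <> 0 Then Exit Function
    ReDim b(0 To Len(h) \ 2 - 1)
    For i = 0 To UBound(b)
        b(i) = CByte(Val("&H" & Mid$(h, 2 * i + 1, 2)))
    Next i
    HexToStr = StrConv(b, vbUnicode)
End Function

' Value to write to the table: printable hex, two characters per byte.
Public Function EncryptField(ByVal plainText As String, ByVal Password As String) As String
    EncryptField = StrToHex(RC4(plainText, Password))
End Function

' Value to show on the form: RC4 with the same password reverses itself.
Public Function DecryptField(ByVal hexText As String, ByVal Password As String) As String
    DecryptField = RC4(HexToStr(hexText), Password)
End Function

Public Sub DemoRoundTrip()
    ' Constructed sample values; the thread advises keeping the real
    ' password out of the database itself.
    Dim stored As String
    stored = EncryptField("Moore71Developer", "isladogs")
    Debug.Print "Stored: " & stored
    Debug.Assert Len(stored) = 2 * Len("Moore71Developer")
    Debug.Assert DecryptField(stored, "isladogs") = "Moore71Developer"
End Sub
```

On a form, the same two calls go in the control's AfterUpdate event (EncryptField before saving) and in the form's Current event (DecryptField before display).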

Gasman

Colin,

I take it, that this is one way encryption?

I.e., one could not encrypt an address to a table, for example, and then decrypt it to present on a form for amendment in plain English?
 

Frothingslosh

It can be decrypted just fine, assuming you have the correct encryption key (or access to a large enough sample of encrypted files and know how to set up a Fluhrer, Mantin and Shamir attack).

What you're thinking of sounds more like hashing, and that's not what this does.
 

Gasman

Sorry, I just saw all of Colin's post :banghead:
 

The_Doc_Man

okay thanks. It now works with my changing Long to Single

Be warned that you might be shooting yourself in the foot. When you change that value from LONG to SINGLE, there is a MASSIVE binary format conversion involved and your key pattern is NOT what you might expect it to be. It is OK to pick a number, but if you are fixated on that particular sequence, you should also know that you are truncating it.

If you are using a SALT of 7038117603 converted to SINGLE format, this will probably become the same as 7.038117E+9 (that's 7 digits, losing the ...603 portion). The mantissa will be whatever that sequence represents, but the exponent (about 2/3 of the bit pattern) will be predictable if you know the length of the original key sequence. The XOR might still work, might not. Having a predictable first byte will have the effect of drastically reducing the effectiveness of this cypher.
 

isladogs

It can be decrypted just fine, assuming you have the correct encryption key (or access to a large enough sample of encrypted files and know how to set up a Fluhrer, Mantin and Shamir attack).

Frothy
You're even better at reading Wikipedia than I am.
Do you know how to do an FMS attack?

If like most of us you don't know how to do an FMS attack, the encryption is almost impossible to crack without the key. I've been using RC4 in my apps for over 10 years. Each app has different key(s). In all that time, nobody has cracked the encryption used.

Nevertheless, if a small fortune could be made by doing so, someone would of course have cracked the code by now.
As already stated, RC4 is likely to be suitable if Access is appropriate to store your data.
If your data is mission critical, use something else.
 

The_Doc_Man

Here are a couple of references regarding encryption of selected text in a VB environment. They show why this is rarely done in Access.

https://docs.microsoft.com/en-us/do...walkthrough-encrypting-and-decrypting-strings

https://gist.github.com/JonTheNiceGuy/44d8aa94da0a56841202

https://www.arkmicrosystems.com/Art...yption and decryption using ms access vba.php

Search the web for the topic: Encryption and Decrypting using VBA

It IS possible to use DES/AES methods to get really good encryption, but there can be a price to pay in speed and complexity of code. For the uninitiated, DES is "Data Encryption Standard" and "AES" is "Advanced Encryption Standard" - both designations originating from U.S. Government standards organizations. The U.S. Navy required their use in certain contexts so I had to know about them.
 

Frothingslosh

Frothy
You're even better at reading Wikipedia than I am.
Do you know how to do an FMS attack?

If like most of us you don't know how to do an FMS attack, the encryption is almost impossible to crack without the key. I've been using RC4 in my apps for over 10 years. Each app has different key(s). In all that time, nobody has cracked the encryption used.

Nevertheless, if a small fortune could be made by doing so, someone would of course have cracked the code by now.
As already stated, RC4 is likely to be suitable if Access is appropriate to store your data.
If your data is mission critical, use something else.

Actually, I started looking into it once a long time ago, although I'd forgotten the name of the attack until you handily linked that Wikipedia file. It was mostly out of curiosity at the time, as I was curious at the time why WEP was suddenly verboten. But no, I never did nail down how to do it. Never really felt the need to.

EDIT: Also, I was encrypting and decrypting a few things for one employer for a few years about then, so it kind of piqued my interest in encryption schemes for a couple years.
 