OK, you are using a method that compares hashed passwords rather than literal passwords. It makes sense, but be aware that if someone is tapping your transmission and you are not using HTTPS or TLS or SFTP or some other secured / encrypted method, your password hash is no more secure than sending the literal password. OK, I know it is a requirement for your situation, just commenting.
The Crypto API can generate an MD5 hash. The second reference I listed shows you some VBA code on how to do that.