Protecting Password: One-way hash (1 Viewer)

I am looking for a code snippet to be used in MS Access that can enable to hash password supplied at login and store the hash password in the backend database.

Grateful if someone could provide some helping hands.

Thanks
Jean-Marc

Here is something simple:

HiTechCoach said:

Here is something simple:

Code:Copy to clipboard

Public Function Encrypt(strIn As String, lngKEY as long) As String
Dim strChr As String
Dim i As Integer
 
For i = 1 To Len(strIn)
strChr = strChr & CStr(Asc(Mid(strIn, i, 1)) Xor lngKEY)
Next i
Encrypt = strChr
End Function

Click to expand...

Great Function. Thank You Very Much.

HiTechCoach.

any idea how i can implement password complexity, i.e a mix of alphanumeric characters during validate?

Thanks
Jean-Marc

Just a fyi- there's a site that lists various algorithm in Visual Basic, including SHA-256 that you can use for your project.

WRT your question, it is best to do it before you hash it. You can do a function:



This function does three tests, the length, and verify there is a numeric character and a non numeric. You can copy one of the block to do another test (e.g. checking for cases of the characters, perhaps). The If/Then is there to help short circuit the process so failing the test will cause us to exit the function speedily with a false result.


Another important thing you should know is that hashing can be vulnerable to dictionary attack using what is known as 'rainbow table' where we store a list of precompiled hash for all dictionary words, so if someone puts in a simple password, e.g. 'apple', we can use rainbow table to match the hash to that of the 'apple'. For that reason, it is not uncommon to "salt" the password prior to the hashing, which means to combine it with a random string (the random string must be same for the same input for this to work) so it's no longer a dictionary word.

Good luck.