Protecting Password: One-way hash

J

jeanmarc

New member
Local time
Today, 15:53
Joined
Apr 14, 2009
Messages
6
I am looking for a code snippet to be used in MS Access that can enable to hash password supplied at login and store the hash password in the backend database.

Grateful if someone could provide some helping hands.

Thanks
Jean-Marc
 
Here is something simple:


Code: 
Public Function Encrypt(strIn As String, lngKEY as long) As String
Dim strChr As String
Dim i As Integer

For i = 1 To Len(strIn)
strChr = strChr & CStr(Asc(Mid(strIn, i, 1)) Xor lngKEY)
Next i
Encrypt = strChr
End Function
 
HiTechCoach said:
Here is something simple:


Code: 
Public Function Encrypt(strIn As String, lngKEY as long) As String
Dim strChr As String
Dim i As Integer
 
For i = 1 To Len(strIn)
strChr = strChr & CStr(Asc(Mid(strIn, i, 1)) Xor lngKEY)
Next i
Encrypt = strChr
End Function
Click to expand...

Great Function. Thank You Very Much.

HiTechCoach.

any idea how i can implement password complexity, i.e a mix of alphanumeric characters during validate?

Thanks
Jean-Marc
 
Just a fyi- there's a site that lists various algorithm in Visual Basic, including SHA-256 that you can use for your project.

WRT your question, it is best to do it before you hash it. You can do a function:


Code: 
PUblic Function IsComplex(sInput As String) As Boolean

Dim i As Integer

If Len(sInput) > 6 Then
  IsComplex = True
End If

Test1:
If IsComplex Then
    For i = 1 to Len(sInput)
      If IsNumeric(Mid(sInput, i, 1)) Then
          GoTo Test2 'My apologies.
      End If
   Next
   IsComplex = False
End If

Test2:
If IsComplex Then
   For i = 1 to Len(sInput)
       If Not IsNumeric(sInput) Then
           GoTo ExitFunction
       End If
   Next
   IsComplex = False
End If

ExitFunction:
End Function

This function does three tests, the length, and verify there is a numeric character and a non numeric. You can copy one of the block to do another test (e.g. checking for cases of the characters, perhaps). The If/Then is there to help short circuit the process so failing the test will cause us to exit the function speedily with a false result.


Another important thing you should know is that hashing can be vulnerable to dictionary attack using what is known as 'rainbow table' where we store a list of precompiled hash for all dictionary words, so if someone puts in a simple password, e.g. 'apple', we can use rainbow table to match the hash to that of the 'apple'. For that reason, it is not uncommon to "salt" the password prior to the hashing, which means to combine it with a random string (the random string must be same for the same input for this to work) so it's no longer a dictionary word.

Good luck.
 
You must log in or register to reply here.

Similar threads

Rythorian
Hey everyone, I'm Ryo from USA Maine
Replies
1
Views
122
Jon
Jon
M
Solved Password Validation sub
2
Replies
31
Views
961
mikenyby
M
Mylton
Solved Best way to protect VBA code in Excel
2
Replies
20
Views
871
Mylton
Mylton
D
Darshan Hiranandani : How to Access a Password-Protected MDB Database with an MDW File and Unknown User Password?
Replies
3
Views
453
Isaac
Isaac
I
Solved Error -2146232576 in SHA256: Automation error in ms access
Replies
19
Views
2,649
isladogs
isladogs

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom