I am looking for a code snippet to be used in MS Access that can enable to hash password supplied at login and store the hash password in the backend database.
Grateful if someone could provide some helping hands.
Public Function Encrypt(strIn As String, lngKEY as long) As String
Dim strChr As String
Dim i As Integer
For i = 1 To Len(strIn)
strChr = strChr & CStr(Asc(Mid(strIn, i, 1)) Xor lngKEY)
Next i
Encrypt = strChr
End Function
Public Function Encrypt(strIn As String, lngKEY as long) As String
Dim strChr As String
Dim i As Integer
For i = 1 To Len(strIn)
strChr = strChr & CStr(Asc(Mid(strIn, i, 1)) Xor lngKEY)
Next i
Encrypt = strChr
End Function
Just a fyi- there's a site that lists various algorithm in Visual Basic, including SHA-256 that you can use for your project.
WRT your question, it is best to do it before you hash it. You can do a function:
Code:
PUblic Function IsComplex(sInput As String) As Boolean
Dim i As Integer
If Len(sInput) > 6 Then
IsComplex = True
End If
Test1:
If IsComplex Then
For i = 1 to Len(sInput)
If IsNumeric(Mid(sInput, i, 1)) Then
GoTo Test2 'My apologies.
End If
Next
IsComplex = False
End If
Test2:
If IsComplex Then
For i = 1 to Len(sInput)
If Not IsNumeric(sInput) Then
GoTo ExitFunction
End If
Next
IsComplex = False
End If
ExitFunction:
End Function
This function does three tests, the length, and verify there is a numeric character and a non numeric. You can copy one of the block to do another test (e.g. checking for cases of the characters, perhaps). The If/Then is there to help short circuit the process so failing the test will cause us to exit the function speedily with a false result.
Another important thing you should know is that hashing can be vulnerable to dictionary attack using what is known as 'rainbow table' where we store a list of precompiled hash for all dictionary words, so if someone puts in a simple password, e.g. 'apple', we can use rainbow table to match the hash to that of the 'apple'. For that reason, it is not uncommon to "salt" the password prior to the hashing, which means to combine it with a random string (the random string must be same for the same input for this to work) so it's no longer a dictionary word.