russell12
asked on
encrypting password ms access db
I am trying to make a password field encrypted, and have spent a couple of hrs looking for the solution, and can not! I have a table with a field (password) and the datatype is nvchar(50). Can someone point me in the correct direction to do a simple encryption. I am looking for something that is going to not be complex. I would even settle for 64bit encryption. I do not believe the people using this software will know enough as to where to look for the password, but you never know. Any help is greatly appreciated!!
ASKER
Thanks for the quick response, but I am writing this program in access, and have sessions created when users log in and the sessions form relies on the log in form, so I could not use this. But this is the direction i am looking for!
>> Thanks for the quick response, but I am writing this program in access, and have sessions created when users log in and the sessions form relies on the log in form, so I could not use this. <<
I know that you are in Access, and while the sample is in VB and VBScript, it ports to Access/VBA (IIRC) .... but if you don't want that kind of complication (I know I personally did not for my situation), then you may be able to use the following, very simple, hashing code ...
For your purpose it may work just fine, but please note that this routine will hash different strings to the same hash value. While the occurrance of that phenomenon is in-frequent, it does occur.
Despite this, I personally have used the above code quite successfully for years with a UserName, hPassword type table. I figure that I really don't care if two pwd's hash to the same value because I am doing a lookup based on UserName & Password and since the username is the key to a unique index, I have not been troubled by duplicate hash values.
In the event that it would become an issue, I would likely just add a third column to my table that is the result of a hash using the username and password (hUserPwd), then do a lookup on Username, hPassword, and hUserPwd where UserName is the readable string of username, hPassword is the hashed password, and hUsePwd is the username concatenated to the pwd then hashed.
I hope that made sense!! ...
I know that you are in Access, and while the sample is in VB and VBScript, it ports to Access/VBA (IIRC) .... but if you don't want that kind of complication (I know I personally did not for my situation), then you may be able to use the following, very simple, hashing code ...
Public Function Hash(ByVal strHashThis As String) As Long
Dim i As Long, h As Long
Dim lngTemp As Long
h = Len(strHashThis)
For i = 1 To h
lngTemp = (Asc(Mid$(strHashThis, h - i + 1, 1)) + Asc(Mid$(strHashThis, i, 1))) Xor lngTemp
Next i
Rnd -1
Randomize lngTemp
Hash = (Rnd() * &H7FFFFFFF) And &HFFFFFFFF
End Function
For your purpose it may work just fine, but please note that this routine will hash different strings to the same hash value. While the occurrance of that phenomenon is in-frequent, it does occur.
Despite this, I personally have used the above code quite successfully for years with a UserName, hPassword type table. I figure that I really don't care if two pwd's hash to the same value because I am doing a lookup based on UserName & Password and since the username is the key to a unique index, I have not been troubled by duplicate hash values.
In the event that it would become an issue, I would likely just add a third column to my table that is the result of a hash using the username and password (hUserPwd), then do a lookup on Username, hPassword, and hUserPwd where UserName is the readable string of username, hPassword is the hashed password, and hUsePwd is the username concatenated to the pwd then hashed.
I hope that made sense!! ...
Oh ...
Here is a site I just found that has some different encrypting code samples -- with VB6/VBA (in case you want stronger than my posted Hash() function.
http://www.cryptosys.net/apiv2n/index.html
Once there, you can d/l the original source code then take a look at the sample implementations of the functions.
Edit ...
Scratch that ... after looking at it longer it does not seem to be complete. :-/ ...
Here is a site I just found that has some different encrypting code samples -- with VB6/VBA (in case you want stronger than my posted Hash() function.
http://www.cryptosys.net/apiv2n/index.html
Once there, you can d/l the original source code then take a look at the sample implementations of the functions.
Edit ...
Scratch that ... after looking at it longer it does not seem to be complete. :-/ ...
ASKER
Thank you for the reply. I am going to work on this program when i get off work tonight. I do believe one of the other will be the answer, but looking at this, the only question i am going to have is do i need to write another fuction for decoding the hash also, or do i just call the same function. Thanks for your help and like i said i will be rewarding u point after i try this. I know one or the other will work.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Work perfect!!!!!! Sorry for the extended time to give you points, I work in the I.T. department and I am over 6 stores, and the night I told you I was going to go home and give u points, we had 2 stores networks go down. Spent many hrs working on the issues, and I just got the chance to utilize this. So again I do appologize for the delay, but your code works perfectly. The only thing I had to change was on:
With CurrentDb.OpenRecordset(st rSQL)
It was throwing an error code of 3622 'You must use the dbSeeChanges option with OpenRecordset when accessing a SQL Server table that has an IDENTITY column.'
After some research, this seemed to do the trick:
With CurrentDb.OpenRecordset(st rSQL, dbOpenDynaset, dbSeeChanges)
Thanks again!!
With CurrentDb.OpenRecordset(st
It was throwing an error code of 3622 'You must use the dbSeeChanges option with OpenRecordset when accessing a SQL Server table that has an IDENTITY column.'
After some research, this seemed to do the trick:
With CurrentDb.OpenRecordset(st
Thanks again!!
One such algorith can be adapted to Access/VBA can be found here ...
http://www.freevbcode.com/ShowCode.asp?ID=2565