anyone?
Printable View
anyone?
i posted a link twice today to maven's code in the codebank. just look there for encryption. he has a nice example, that I think does md5. you could look for 2 out of the last 20 threads, also.
Here it is:
http://www.vbforums.com/showthread.php?t=311963
i'm not looking for external dlls, just code please...
Same here. Did you find any code?
Woka
I think you will find that MD5 is one way encryption.
So what's the point in encrypting something you cant decrypt?
One way encryption is used so that if anyone stumbles across the passwords on the business end of an application or a database they will NOT be able to use the passwords to alias people via the normal way in, as only the user will know the seed word.
Typically an application at loggin will use the proffered seed word by encrypting it and comparing it to the previously stored encrypted password. If there is a match the user gets access to the program or web server.
As an example, Windows passwords are encrypted this way. You may stumble across them in the registry but it will do you no good as they are not in a form that you would recognise. As you can't reverse decode they are perfectly safe to leave lying around (actually safe and microsoft don't really hang well together - there is a way of using the location of the hashed data to overwrite with your own hashed password - but that is toooo naughty :eek: to go into in detail)
HTH
so when it comes to verifing password the password is encrypted and compared to an MD5 String?
Yes - that's how it works.
Well, I Found What I was looking for...
Thanks for the help David.Poundall, Yo Da Man :cool:
I Attached Here an MD5 class I found in a Mail Server I found on the web....
I did not make It and cannot take credit for it.
Tha credit goes to Robert Hubley.
p.s.
File Attachement was OK, but the extension sould be .cls
Apperantly cls is not valid file for upload - What The H***? :sick:
Anyway, Enjoy!
OK...attached is some encryption code.
There is also a demo on file encryption.
Also, is the code for an MD5 Hash algorith. I got this MD5 code from http://www.freevbcode.com/ShowCode.Asp?ID=741
I have started modifying it slightly.
Hope this helps.
Woka
EDIT: Ooops. Just noticed your post. We both found the same MD5 code :D
Trojan. Why not attach the link to your signature? - that way others can benefit from what you have found at a later date.
HTH
When it comes to checking Passwords, it is not the issue of only encryption (though it is one part), but the neccessity to use a Key. Using One-way-Only encryption methods like MD5 or SHA1 (i prefer MD5), you can secure your data. This way if your original password is "test123" your MD5 result might be:Quote:
Originally Posted by Trojan
cc03e747a6afbbcbf8be7668acfebee5
Its so impossible to get the source string that made it: "cc03e747a6afbbcbf8be7668acfebee5" by anybody (thats y it is called one-way encryption, which has no decryption)
This raises a Question!
So, how do u check for your password??
Suppose, you have this MD5 encrypted password stored in your database (its better to store sensitive things in encrypted form). Ask the client to encrypt the password before sending over the Network. So the Server will check whether the stored "cc03e747a6afbbcbf8be7668acfebee5" and the incoming "cc03e747a6afbbcbf8be7668acfebee5" are the same. Since MD5 encryption is always the same in any OS, this will work.
If your password is stored unencrypted (that is as "test123" itself. RAW) in your database, follow this method:
The Server sends a key (any random generated string) to the client. The client then appends (or prepends or manipulates somehow) with the original password "test123" and then applies the encryption and sends it back. This way, the encryption is always different each time, even though the password is the same. In the meantime the server also does the same process of appending the key with the original password and keeps it ready with encryption for checking. An example might clear this more properly:
Original password in Server Database: "test123"
Server generates a random key: "hsozjr15sd86e"
Server Sends it to -> Client
Client receives "hsozjr15sd86e"
Client prompts for the password from user.
User Enters: "test123"
Client joins the password and the key: "test123hsozjr15sd86e"
The result is encrypted with MD5: "4a5f6722b66de40dffe0a3e2028bf6a6"
Client Sends the encrypted pass&key to server "4a5f6722b66de40dffe0a3e2028bf6a6"
Server does the same procedure (both have to match)
Server appends the key with password(from database): "test123hsozjr15sd86e"
Server makes MD5: "4a5f6722b66de40dffe0a3e2028bf6a6"
Server checks with the client data: "4a5f6722b66de40dffe0a3e2028bf6a6"="4a5f6722b66de40dffe0a3e2028bf6a6"
Server confirms, creates a Session and grants access!
For MD5 Encryption:
Download: vbCrypt.dll.zip [11.9 KB]
Copy it somewhere safe (probably system32 folder) Add this DLL in Projects->References.
VB Code:
Hmm, Woka has also used the same vbCrypt.zip .. hehe :D (Hi there Woka, :wave: ) I know that my files are just repetitions. But u know, you must always end a Thread with a nice POST like this "RESOLVED" :P ;)
HTH
Neo
Tomorrow would be 10 years to the DAY since this post, and this just helped me out. Thanks!Quote:
Originally Posted by Trojan
If I were you I'd just throw that DLL and everything else in this thread away. Hard telling how they got away with posting binary attachments since that isn't permitted here.
You can do the entire thing in VB6 with a few API calls, and this (and probably several other examples) are present in the CodeBank anyway.
This site has actual programmers as members now who can post original and much better code instead of just reposting things they found in the streets.
I'm using a single function for Crypto API hashing. Supports MD5 and SHA1 and probably other hashes via CryptCreateHash. Supports string (both Unicode, ANSI and UTF-8) and byte array inputs
cheers,Code:Option Explicit
'--- for CryptAcquireContext
Private Const MS_DEFAULT_PROVIDER As String = "Microsoft Base Cryptographic Provider v1.0"
Private Const PROV_RSA_FULL As Long = 1
Private Const CRYPT_VERIFYCONTEXT As Long = &HF0000000
'--- for CryptGetHashParam
Private Const HP_HASHVAL As Long = 2
Private Const HP_HASHSIZE As Long = 4
'--- for WideCharToMultiByte
Private Const CP_UTF8 As Long = 65001
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As Long)
Private Declare Function ArrPtr Lib "msvbvm60" Alias "VarPtr" (Ptr() As Any) As Long
Private Declare Function CryptAcquireContext Lib "advapi32" Alias "CryptAcquireContextW" (phProv As Long, ByVal pszContainer As Long, ByVal pszProvider As Long, ByVal dwProvType As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptReleaseContext Lib "advapi32" (ByVal hProv As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptCreateHash Lib "advapi32" (ByVal hProv As Long, ByVal AlgId As Long, ByVal hKey As Long, ByVal dwFlags As Long, phHash As Long) As Long
Private Declare Function CryptHashData Lib "advapi32" (ByVal hHash As Long, pbData As Any, ByVal dwDataLen As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptDestroyHash Lib "advapi32" (ByVal hHash As Long) As Long
Private Declare Function CryptGetHashParam Lib "advapi32" (ByVal hHash As Long, ByVal dwParam As Long, pbData As Any, pdwDataLen As Long, ByVal dwFlags As Long) As Long
Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As Long, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As Long, ByVal lpUsedDefaultChar As Long) As Long
Public Enum UcsHashAlgorithmTypeEnum
ucsAlgMD5 = &H8003&
ucsAlgSHA1 = &H8004&
End Enum
Public Function Peek(ByVal lPtr As Long) As Long
Call CopyMemory(Peek, ByVal lPtr, 4)
End Function
Public Function GetHash(baData() As Byte, Optional ByVal eType As UcsHashAlgorithmTypeEnum = ucsAlgMD5) As String
Dim hBaseProvider As Long
Dim hHash As Long
Dim lSize As Long
Dim baBuffer() As Byte
Dim lIdx As Long
On Error GoTo EH
If Peek(ArrPtr(baData)) = 0 Then
Exit Function
End If
If UBound(baData) < 0 Then
Exit Function
End If
If CryptAcquireContext(hBaseProvider, 0, StrPtr(MS_DEFAULT_PROVIDER), PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) = 0 Then
GoTo EH
End If
If CryptCreateHash(hBaseProvider, eType, 0, 0, hHash) = 0 Then
GoTo EH
End If
If CryptHashData(hHash, baData(0), UBound(baData) + 1, 0) = 0 Then
GoTo EH
End If
If CryptGetHashParam(hHash, HP_HASHSIZE, lSize, 4, 0) = 0 Then
GoTo EH
End If
ReDim baBuffer(0 To lSize - 1) As Byte
If CryptGetHashParam(hHash, HP_HASHVAL, baBuffer(0), lSize, 0) = 0 Then
GoTo EH
End If
For lIdx = 0 To UBound(baBuffer)
GetHash = GetHash & Right$("0" & Hex$(baBuffer(lIdx)), 2)
Next
EH:
If hHash <> 0 Then
Call CryptDestroyHash(hHash)
End If
If hBaseProvider <> 0 Then
Call CryptReleaseContext(hBaseProvider, 0)
End If
End Function
Public Function GetHashStr(sText As String, Optional ByVal eType As UcsHashAlgorithmTypeEnum = ucsAlgMD5) As String
Dim baValue() As Byte
Dim lSize As Long
ReDim baValue(0 To 4 * Len(sText))
lSize = WideCharToMultiByte(CP_UTF8, 0, StrPtr(sText), Len(sText), baValue(0), UBound(baValue) + 1, 0, 0)
If lSize > 0 Then
ReDim Preserve baValue(0 To lSize - 1)
GetHashStr = GetHash(baValue, eType)
End If
End Function
Private Sub Form_Load()
'--- UTF-8
MsgBox GetHashStr("test", ucsAlgMD5) & vbCrLf
'--- ANSI
MsgBox GetHash(StrConv("test", vbFromUnicode), ucsAlgMD5)
End Sub
</wqw>