Encrypt Password in Database

**weisi** · Apr 13th, 2006, 02:46 AM

I have make a login which stores the password in a access database. How can I encrypt the password in the database so no one can just open the database and see? Possible to encrypt to something like this ***** (see attach)? Please advice...

**Protocol** · Apr 13th, 2006, 03:07 AM

The best thing to do is have all your encryption done within your program, and then store the encrypted result in the database.
So when the user types a password to login, you see if the encryption for the entered password matches the stored one...

**ganeshmoorthy** · Apr 13th, 2006, 03:07 AM

for a simple encryption
you can add some values to your ascii value of the password chars and save it in the db...i.e. if your pwd is password then add 250 to each chr and when you read it minus this value....you can have it in a loop

VB Code:

For i = 0 to Len (strPwd)
    sEncPwd = sEncPwd & Chr (Asc (Mid (strPwd, i, 1)) + 50)
Next
For i = 0 to Len (strPwd)
    sDecPwd = sDecPwd & Chr (Asc (Mid (strPwd, i, 1)) - 50)
Next

**weisi** · Apr 13th, 2006, 03:17 AM

Is there other ways of encrypting the database?

**Frans C** · Apr 13th, 2006, 04:07 AM

If you set the inputmask to Password, MS Access will show the text as asterisks.
This is not very secure, because when you read the data with another application the value is still readable.
Also the inputmask can be removed by anybody with the proper permissions, and everything is readable again.

**ganeshmoorthy** · Apr 13th, 2006, 04:10 AM

Is there other ways of encrypting the database?

what do you mean...password or database

**CVMichael** · Apr 13th, 2006, 06:58 AM

Originally Posted by weisi

Is there other ways of encrypting the database?

Just hash the password, and store it hashed

**weisi** · Apr 15th, 2006, 01:29 AM

Originally Posted by CVMichael

Just hash the password, and store it hashed

Any exampes that you can show me please?

**foxter** · Apr 15th, 2006, 03:07 AM

Try this: http://www.vbforums.com/showthread.php?t=388803

**CVMichael** · Apr 15th, 2006, 10:46 AM

You have to store the password hashed.
Hashing is one way encryption. That means that it cannot be decrypted.

In order to check if the password is valid you have to check the encrypted results.

Using MD5 you can get the hash like this

VB Code:

Dim MD5 As New clsMD5
 
hash_password = MD5.DigestStrToHexStr("test1")

To give you an example on how to do it, add the log in form that comes with VB, and change the code in the cmdOK_Click to this:

VB Code:

Private Sub cmdOK_Click()
    Dim MD5 As New clsMD5
    Dim DB_Password As String
    Dim SQLRequest As String
    
    SQLRequest = "SELECT Hash_Password FROM table_users WHERE UserName = '" & Me.txtUserName.Text & "'"
    
    ' execute the SQL statement
    ' set the DB_Password variable to the hashed password in the database
    
    DB_Password = "5A105E8B9D40E1329780D62EA2265D8A"
    
    If MD5.DigestStrToHexStr(txtPassword.Text) = DB_Password Then
        Form1.Show
        Unload Me
    Else
        MsgBox "Invalid Password, try again!", , "Login"
        txtPassword.SetFocus
        SendKeys "{Home}+{End}"
    End If
End Sub

I did not do the code to retrieve the password from the database, because I don't know how you do it, I don't know the table name, and field names.

Thread: Encrypt Password in Database

Thread Tools

Display

Encrypt Password in Database

Re: Encrypt Password in Database

Re: Encrypt Password in Database

Re: Encrypt Password in Database

Re: Encrypt Password in Database

Re: Encrypt Password in Database

Re: Encrypt Password in Database

Re: Encrypt Password in Database

Re: Encrypt Password in Database

Re: Encrypt Password in Database

Posting Permissions