• "Programming is like sex: one mistake and you have to support it for the rest of your life."
• "A program is a spell cast over a computer, turning input into error messages."
• "WARNING: Keyboard Not Attached. Press F10 to Continue."
• "Why doesn't DOS ever say 'EXCELLENT command or filename!'"
i posted a link twice today to maven's code in the codebank. just look there for encryption. he has a nice example, that I think does md5. you could look for 2 out of the last 20 threads, also.
• "Programming is like sex: one mistake and you have to support it for the rest of your life."
• "A program is a spell cast over a computer, turning input into error messages."
• "WARNING: Keyboard Not Attached. Press F10 to Continue."
• "Why doesn't DOS ever say 'EXCELLENT command or filename!'"
• "Programming is like sex: one mistake and you have to support it for the rest of your life."
• "A program is a spell cast over a computer, turning input into error messages."
• "WARNING: Keyboard Not Attached. Press F10 to Continue."
• "Why doesn't DOS ever say 'EXCELLENT command or filename!'"
One way encryption is used so that if anyone stumbles across the passwords on the business end of an application or a database they will NOT be able to use the passwords to alias people via the normal way in, as only the user will know the seed word.
Typically an application at loggin will use the proffered seed word by encrypting it and comparing it to the previously stored encrypted password. If there is a match the user gets access to the program or web server.
As an example, Windows passwords are encrypted this way. You may stumble across them in the registry but it will do you no good as they are not in a form that you would recognise. As you can't reverse decode they are perfectly safe to leave lying around (actually safe and microsoft don't really hang well together - there is a way of using the location of the hashed data to overwrite with your own hashed password - but that is toooo naughty to go into in detail)
HTH
David
Learn the Rules so that you know how to break them properly.
• "Programming is like sex: one mistake and you have to support it for the rest of your life."
• "A program is a spell cast over a computer, turning input into error messages."
• "WARNING: Keyboard Not Attached. Press F10 to Continue."
• "Why doesn't DOS ever say 'EXCELLENT command or filename!'"
• "Programming is like sex: one mistake and you have to support it for the rest of your life."
• "A program is a spell cast over a computer, turning input into error messages."
• "WARNING: Keyboard Not Attached. Press F10 to Continue."
• "Why doesn't DOS ever say 'EXCELLENT command or filename!'"
OK...attached is some encryption code.
There is also a demo on file encryption.
Also, is the code for an MD5 Hash algorith. I got this MD5 code from http://www.freevbcode.com/ShowCode.Asp?ID=741
I have started modifying it slightly.
Hope this helps.
Woka
EDIT: Ooops. Just noticed your post. We both found the same MD5 code
Last edited by Wokawidget; Mar 13th, 2005 at 09:01 AM.
Re: loking for MD5 to string, and string to MD5 [RESOLVED]
Originally Posted by Trojan
So what's the point in encrypting something you cant decrypt?
When it comes to checking Passwords, it is not the issue of only encryption (though it is one part), but the neccessity to use a Key. Using One-way-Only encryption methods like MD5 or SHA1 (i prefer MD5), you can secure your data. This way if your original password is "test123" your MD5 result might be:
cc03e747a6afbbcbf8be7668acfebee5
Its so impossible to get the source string that made it: "cc03e747a6afbbcbf8be7668acfebee5" by anybody (thats y it is called one-way encryption, which has no decryption)
This raises a Question!
So, how do u check for your password??
Suppose, you have this MD5 encrypted password stored in your database (its better to store sensitive things in encrypted form). Ask the client to encrypt the password before sending over the Network. So the Server will check whether the stored "cc03e747a6afbbcbf8be7668acfebee5" and the incoming "cc03e747a6afbbcbf8be7668acfebee5" are the same. Since MD5 encryption is always the same in any OS, this will work.
If your password is stored unencrypted (that is as "test123" itself. RAW) in your database, follow this method:
The Server sends a key (any random generated string) to the client. The client then appends (or prepends or manipulates somehow) with the original password "test123" and then applies the encryption and sends it back. This way, the encryption is always different each time, even though the password is the same. In the meantime the server also does the same process of appending the key with the original password and keeps it ready with encryption for checking. An example might clear this more properly:
Original password in Server Database: "test123"
Server generates a random key: "hsozjr15sd86e"
Server Sends it to -> Client
Client receives "hsozjr15sd86e"
Client prompts for the password from user.
User Enters: "test123"
Client joins the password and the key: "test123hsozjr15sd86e"
The result is encrypted with MD5: "4a5f6722b66de40dffe0a3e2028bf6a6"
Client Sends the encrypted pass&key to server "4a5f6722b66de40dffe0a3e2028bf6a6"
Server does the same procedure (both have to match)
Server appends the key with password(from database): "test123hsozjr15sd86e"
Server makes MD5: "4a5f6722b66de40dffe0a3e2028bf6a6"
Server checks with the client data: "4a5f6722b66de40dffe0a3e2028bf6a6"="4a5f6722b66de40dffe0a3e2028bf6a6"
Server confirms, creates a Session and grants access!
Copy it somewhere safe (probably system32 folder) Add this DLL in Projects->References.
VB Code:
Private Sub Form_Load()
Dim ObjCrypt As New vbCrypt.EncryptionTools
MsgBox ObjCrypt.MD5HashString("test123")
'Results: CC03E747A6AFBBCBF8BE7668ACFEBEE5
End Sub
Hmm, Woka has also used the same vbCrypt.zip .. hehe (Hi there Woka, ) I know that my files are just repetitions. But u know, you must always end a Thread with a nice POST like this "RESOLVED" :P
Re: looking for MD5 to string, and string to MD5 [ Resolved ]
If I were you I'd just throw that DLL and everything else in this thread away. Hard telling how they got away with posting binary attachments since that isn't permitted here.
You can do the entire thing in VB6 with a few API calls, and this (and probably several other examples) are present in the CodeBank anyway.
This site has actual programmers as members now who can post original and much better code instead of just reposting things they found in the streets.
Re: looking for MD5 to string, and string to MD5 [ Resolved ]
I'm using a single function for Crypto API hashing. Supports MD5 and SHA1 and probably other hashes via CryptCreateHash. Supports string (both Unicode, ANSI and UTF-8) and byte array inputs
Code:
Option Explicit
'--- for CryptAcquireContext
Private Const MS_DEFAULT_PROVIDER As String = "Microsoft Base Cryptographic Provider v1.0"
Private Const PROV_RSA_FULL As Long = 1
Private Const CRYPT_VERIFYCONTEXT As Long = &HF0000000
'--- for CryptGetHashParam
Private Const HP_HASHVAL As Long = 2
Private Const HP_HASHSIZE As Long = 4
'--- for WideCharToMultiByte
Private Const CP_UTF8 As Long = 65001
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (lpvDest As Any, lpvSource As Any, ByVal cbCopy As Long)
Private Declare Function ArrPtr Lib "msvbvm60" Alias "VarPtr" (Ptr() As Any) As Long
Private Declare Function CryptAcquireContext Lib "advapi32" Alias "CryptAcquireContextW" (phProv As Long, ByVal pszContainer As Long, ByVal pszProvider As Long, ByVal dwProvType As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptReleaseContext Lib "advapi32" (ByVal hProv As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptCreateHash Lib "advapi32" (ByVal hProv As Long, ByVal AlgId As Long, ByVal hKey As Long, ByVal dwFlags As Long, phHash As Long) As Long
Private Declare Function CryptHashData Lib "advapi32" (ByVal hHash As Long, pbData As Any, ByVal dwDataLen As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptDestroyHash Lib "advapi32" (ByVal hHash As Long) As Long
Private Declare Function CryptGetHashParam Lib "advapi32" (ByVal hHash As Long, ByVal dwParam As Long, pbData As Any, pdwDataLen As Long, ByVal dwFlags As Long) As Long
Private Declare Function WideCharToMultiByte Lib "kernel32" (ByVal CodePage As Long, ByVal dwFlags As Long, ByVal lpWideCharStr As Long, ByVal cchWideChar As Long, lpMultiByteStr As Any, ByVal cchMultiByte As Long, ByVal lpDefaultChar As Long, ByVal lpUsedDefaultChar As Long) As Long
Public Enum UcsHashAlgorithmTypeEnum
ucsAlgMD5 = &H8003&
ucsAlgSHA1 = &H8004&
End Enum
Public Function Peek(ByVal lPtr As Long) As Long
Call CopyMemory(Peek, ByVal lPtr, 4)
End Function
Public Function GetHash(baData() As Byte, Optional ByVal eType As UcsHashAlgorithmTypeEnum = ucsAlgMD5) As String
Dim hBaseProvider As Long
Dim hHash As Long
Dim lSize As Long
Dim baBuffer() As Byte
Dim lIdx As Long
On Error GoTo EH
If Peek(ArrPtr(baData)) = 0 Then
Exit Function
End If
If UBound(baData) < 0 Then
Exit Function
End If
If CryptAcquireContext(hBaseProvider, 0, StrPtr(MS_DEFAULT_PROVIDER), PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) = 0 Then
GoTo EH
End If
If CryptCreateHash(hBaseProvider, eType, 0, 0, hHash) = 0 Then
GoTo EH
End If
If CryptHashData(hHash, baData(0), UBound(baData) + 1, 0) = 0 Then
GoTo EH
End If
If CryptGetHashParam(hHash, HP_HASHSIZE, lSize, 4, 0) = 0 Then
GoTo EH
End If
ReDim baBuffer(0 To lSize - 1) As Byte
If CryptGetHashParam(hHash, HP_HASHVAL, baBuffer(0), lSize, 0) = 0 Then
GoTo EH
End If
For lIdx = 0 To UBound(baBuffer)
GetHash = GetHash & Right$("0" & Hex$(baBuffer(lIdx)), 2)
Next
EH:
If hHash <> 0 Then
Call CryptDestroyHash(hHash)
End If
If hBaseProvider <> 0 Then
Call CryptReleaseContext(hBaseProvider, 0)
End If
End Function
Public Function GetHashStr(sText As String, Optional ByVal eType As UcsHashAlgorithmTypeEnum = ucsAlgMD5) As String
Dim baValue() As Byte
Dim lSize As Long
ReDim baValue(0 To 4 * Len(sText))
lSize = WideCharToMultiByte(CP_UTF8, 0, StrPtr(sText), Len(sText), baValue(0), UBound(baValue) + 1, 0, 0)
If lSize > 0 Then
ReDim Preserve baValue(0 To lSize - 1)
GetHashStr = GetHash(baValue, eType)
End If
End Function
Private Sub Form_Load()
'--- UTF-8
MsgBox GetHashStr("test", ucsAlgMD5) & vbCrLf
'--- ANSI
MsgBox GetHash(StrConv("test", vbFromUnicode), ucsAlgMD5)
End Sub
looking for MD5 to string, and string to MD5 [ Resolved ]
Reply With Quote
to go into in detail)
Originally Posted by Trojan
) I know that my files are just repetitions. But u know, you must always end a Thread with a nice POST like this "RESOLVED" :P 
