Logon Prompt 2

[Lourry]

Hello All,

I have a logon prompt for working where it will check the passwors against the username that is entered.

my questions are:

1) How can I set the text box where the user enters the password to only show stars (the * character). So that when a user types in their password, only stars will show up instead of the actual letters?

2) Has anyone got encryption working? Currently the user table, which is a linked table in Oracle has the password column as plain text, so anyone that have access to the actual data table will be able to see other user's passwords. Is there a way so avoid user's from seeing other user's passwords?

Thanks in advance!

-Lory

 

[wemeier]

For the stars to appear, give the textbox's InputMask property the value of Password. It's a predefined inputmask.

Cruising the Information Superhighway
_{(your mileage may vary)}

 

[Lourry]

Thanks wemeier!!

That worked perfectly

 

[Zion7]

Here's a thought for decryption.

Dim x As iInteger
Dim sOriginal, sDecrpyted As String

For x = 1 To Len(txtPassword)
sOriginal = Asc(Mid(txtPassword,x,1)) 'changes letters to its integer value

sOriginal = Chr(sOriginal - 1) 'shifts each integer by 1 And changes back to its letter value (offset by one)

sDecrypted = sDecrypted & sOriginal
Next x
txtPassword = sDecrypted 'Table field, shows erroneous pword

...to Encrypt, Copy above procedure while changing...
sOriginal = Chr(sOriginal + 1) 'notice add, not subtract

of course, you can shift as you like, Chr(sOriginal -/+ ?).
Even give ?, a variable which increments after each loop, to make it more hackproof...

y = y + 1 'each character will be shifted, 1 value more than the previous character
sOriginal = Chr(sOriginal - y)

I assume you see the potential, for various decryption values.
Hope this helps, good Luck!

 

[Lourry]

Thanks Dboulos!
That does help a lot! I'll give that a try. And I really like the idea of y = y +1 to make it more hackproof : )

 

[Craig0201]

You'd be better off with a hashing algorithm. A hash only works one way so even you can't read the password.

 

[Lourry]

Hi Craig0201,

Thanks for the suggestion however I am not familiar with hash functions.....do you have an example?

Thanks!

 

[Craig0201]

A hash is a one way function. You can't find the key from the result (except by massive brute force). An example is MD5. There are cheapish DLLs that can be bought that implement MD5. Look it up on Google.

Craig

 

[Ed2020]

There is a Windows API to encrypt text. Give this a try:




'Passes a call to the Windows API to encrypt a text string

Option Explicit

Private Declare Function CryptAcquireContext Lib "advapi32.dll" Alias "CryptAcquireContextA" (ByRef phProv As Long, ByVal pszContainer As String, ByVal pszProvider As String, ByVal dwProvType As Long, ByVal dwFlags As Long) As Long

Private Declare Function CryptReleaseContext Lib "advapi32.dll" (ByVal hProv As Long, ByVal dwFlags As Long) As Long
Private Declare Function CryptCreateHash Lib "advapi32.dll" (ByVal hProv As Long, ByVal Algid As Long, ByVal hKey As Long, ByVal dwFlags As Long, ByRef phHash As Long) As Long
Private Declare Function CryptHashData Lib "advapi32.dll" (ByVal hHash As Long, ByVal pbData As String, ByVal dwDataLen As Long, ByVal dwFlags As Long) As Long

Private Declare Function CryptDeriveKey Lib "advapi32.dll" (ByVal hProv As Long, ByVal Algid As Long, ByVal hBaseData As Long, ByVal dwFlags As Long, phKey As Long) As Long
Private Declare Function CryptDestroyKey Lib "advapi32.dll" (hKey As Long) As Long

Private Declare Function CryptEncrypt Lib "advapi32.dll" (ByVal hKey As Long, ByVal hHash As Long, ByVal Final As Long, ByVal dwFlags As Long, pbData As Any, pdwDataLen As Long, ByVal dwBufLen As Long) As Long
Private Declare Function CryptDecrypt Lib "advapi32.dll" (ByVal hKey As Long, ByVal hHash As Long, ByVal Final As Long, ByVal dwFlags As Long, pbData As Any, pdwDataLen As Long) As Long

Private Const ALG_CLASS_DATA_ENCRYPT As Long = 24576
Private Const ALG_TYPE_RSA As Long = 1024
Private Const ALG_SID_RC4 As Long = 1
Private Const ALG_TYPE_STREAM As Long = 2048
Private Const CALG_MD5 As Long = &H8003& ' Hashing algorithm
Private Const CALG_RC4 As Long = (ALG_CLASS_DATA_ENCRYPT Or ALG_TYPE_STREAM Or ALG_SID_RC4)

Private Const MS_DEFAULT_PROVIDER As String = "Microsoft Base Cryptographic Provider v1.0"
Private Const PROV_RSA_FULL As Long = 1
Private Const CRYPT_VERIFYCONTEXT = &HF0000000

Public Enum EncryptionMode
Encrypt
Decrypt
End Enum

Public Function vbEncrypt(strText As String, strPassword As String) As Byte()
vbEncrypt = CoreCrypto(strText, strPassword, Encrypt)
End Function

Public Function vbDecrypt(strText As String, strPassword As String) As Byte()
vbDecrypt = CoreCrypto(strText, strPassword, Decrypt)
End Function

Private Function CoreCrypto(strText As String, strPassword As String, Mode As EncryptionMode) As Byte()
Dim hProv As Long
Dim ByteBuffer() As Byte
Dim strprovider As String
Dim hHash As Long
Dim hKey As Long
Dim datalen As Long


ByteBuffer = strText

' Grab an RSA-based cryptoapi context using Microsoft's base provider
strprovider = MS_DEFAULT_PROVIDER & vbNullChar
Call CryptAcquireContext(hProv, vbNullString, strprovider, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) ' final param could be 0&

' Generate a hash of the password
Call CryptCreateHash(hProv, CALG_MD5, 0, 0, hHash)
Call CryptHashData(hHash, strPassword, Len(strPassword), 0)

' Derive a key symmetric key based on hashed password
Call CryptDeriveKey(hProv, CALG_RC4, hHash, 0&, hKey)

' Apply decryption or encryption using derived key
datalen = UBound(ByteBuffer)
Select Case Mode
Case Encrypt
Call CryptEncrypt(hKey, 0, 1, 0, ByteBuffer(0), datalen, UBound(ByteBuffer))
Case Decrypt
Call CryptDecrypt(hKey, 0, 1, 0, ByteBuffer(0), UBound(ByteBuffer))
End Select

CoreCrypto = ByteBuffer

' Clean up
CryptDestroyKey hKey
CryptReleaseContext hProv, 0&
End Function

Private Sub Command1_Click()
' result is really just a buffer, NOT a real VB string
Dim result As String

result = vbEncrypt(Text1.Text, "secret") ' remember that we are casting a byte array to a string to fill out buffer
Text2.Text = result ' text2.text ends up just with the displayable characters, not the entire buffer. As a result text2.text cannot be used as the source for decryption
Text3.Text = vbDecrypt(result, "secret")
End Sub

Please do not feed the trolls.....

 

[Lourry]

Thanks Ed2020

I gave it a try and it gives me syntax errors on the following lines...

Public Enum EncryptionMode
...
End Enum

Public Function vbEncrypt(strText As String, strPassword As String) As Byte()

Public Function vbDecrypt(strText As String, strPassword As String) As Byte()

Private Function CoreCrypto(strText As String, strPassword As String, Mode As encryptionMode) As Byte()

I am using Access 97...any ideas?

Thanks again!

 

[Ed2020]

Try:

Private Enum EncryptionMode
Encrypt=1
Decrypt=2
End Enum

Private Function vbEncrypt(strText As String, strPassword As String) As Integer()

Private Function vbDecrypt(strText As String, strPassword As String) As Integer()

Private Function CoreCrypto(strText As String, strPassword As String, Mode As encryptionMode) As Integer()


Please do not feed the trolls.....

 

[Lourry]

Thanks for the reply Ed2020.

same thing, perhaps Access 97 can't have arrays as return types?

 

[Ed2020]

It looks like that's the case. Access 97 doesn't appear to like Enum either.

Everything works fine in Access 2000 - sorry!

Ed Metcalfe.

Please do not feed the trolls.....

 

[Craig0201]

Lourry,

Change every returned array to a variant and replace every call to an enum value with the integer equivalent. I've done this and it works fine.

Top code, Ed.

Craig

 

[Ed2020]

Change every returned array to a variant and replace every call to an enum value with the integer equivalent. I've done this and it works fine." - Good thinking Craig. Have a star.

Ed Metcalfe.

Please do not feed the trolls.....

 

[Lourry]

Thanks Craig0201 and Ed2020!!
It works perfectly! You guys are genius!
Thanks again for all the help.

 

[nashman]

Sorry folks,

Don't know much about arrays...

What would this code look like using Craig0201's comment about "Change every returned array to a variant and replace every call to an enum value with the integer equivalent. I've done this and it works fine."

 

[rivkahannah]

Hi! This thread is really helpful. I'm feeling a little clueless though and I apologize if this is a dumb question. What data type would I store the encrypted value as in SQL Server 2000?