 |  |  |  |  |  |  |  |
Need help to encrypt and decrypt password in VB
Thread Solved |
Hi,
As far as encryption goes, I am a newbie. Right now when I login, it will compare the user and password stored in my database. If both match, I will be able to login, otherwise I will be refused. The user and password are now stored in plaintext. How do I encrypt the password and stored it into the database and when I login, it will decrypt the password again. Would appreciate if anyone of you can tell me how to do the coding in order to achieve this.
Please take a look at my attached file. Thanking you all in advance.
As far as encryption goes, I am a newbie. Right now when I login, it will compare the user and password stored in my database. If both match, I will be able to login, otherwise I will be refused. The user and password are now stored in plaintext. How do I encrypt the password and stored it into the database and when I login, it will decrypt the password again. Would appreciate if anyone of you can tell me how to do the coding in order to achieve this.
Please take a look at my attached file. Thanking you all in advance.
•
•
Join Date: Dec 2004
Posts: 2,413
Reputation: 
Solved Threads: 211
I don't personally suggest the method you are inquiring about.... most password systems as of late, have been using an MD5 (or some other algorithm) to "Hash" the password. Just a little defination here, a Hash is a string that can NOT be decrypted. It's gone through some crazy algorithms that make the string permanently encrypted. Under normal circumstances, this doesn't seem like a very good plan huh? What we do next, though, is when we want to see if the password is correct, is we use the exact same algorithm to Hash what the user types in for the password, and compare the two Hashes with each other. Naturally, if both Hashes are identical, then the password must clearly be the same too. This increases the workload of a password cracker significantly, and adds countless more attempts to a bruteforce attack.
There are pretty good encryption algorithms out there that are pretty darn secure, and at the same time, are decryptable (such as blowfish and triple des) and most of these require a key pair, that gets generated, and only the partner key of something encrypted can decrypt it.
If you aren't THAT worried about security, and only want to keep prying eyes from seeing the password in plain text, then you could do something as simple as an XOR encryption, which is nothing more than an exclusive OR of bits.
There are pretty good encryption algorithms out there that are pretty darn secure, and at the same time, are decryptable (such as blowfish and triple des) and most of these require a key pair, that gets generated, and only the partner key of something encrypted can decrypt it.
If you aren't THAT worried about security, and only want to keep prying eyes from seeing the password in plain text, then you could do something as simple as an XOR encryption, which is nothing more than an exclusive OR of bits.
•
•
•
•
Originally Posted by Comatose
I don't personally suggest the method you are inquiring about.... most password systems as of late, have been using an MD5 (or some other algorithm) to "Hash" the password. Just a little defination here, a Hash is a string that can NOT be decrypted. It's gone through some crazy algorithms that make the string permanently encrypted. Under normal circumstances, this doesn't seem like a very good plan huh? What we do next, though, is when we want to see if the password is correct, is we use the exact same algorithm to Hash what the user types in for the password, and compare the two Hashes with each other. Naturally, if both Hashes are identical, then the password must clearly be the same too. This increases the workload of a password cracker significantly, and adds countless more attempts to a bruteforce attack.
There are pretty good encryption algorithms out there that are pretty darn secure, and at the same time, are decryptable (such as blowfish and triple des) and most of these require a key pair, that gets generated, and only the partner key of something encrypted can decrypt it.
If you aren't THAT worried about security, and only want to keep prying eyes from seeing the password in plain text, then you could do something as simple as an XOR encryption, which is nothing more than an exclusive OR of bits.
•
•
Join Date: Dec 2004
Posts: 2,413
Reputation:
Solved Threads: 211
Ok, This code was taken from http://www.frez.co.uk/freecode.htm#md5. You can use the class module to instantiate an instance and use the md5 call of it. Like so:
Attached is the test project appended to the site I previously mentioned.
Visual Basic 4 / 5 / 6 Syntax (Toggle Plain Text)
Attached is the test project appended to the site I previously mentioned.
Hi,
Thank you for your time. I studied only for a brief term in VB
3 years ago and my skill is not good enough to understand the coding. What I actually want is just to write a simple code - e.g. if my input text(password) is "abcd", the output text(encrypted password) should be "defg" if I want to shift 3 keys and then save it into my database file. When I next login into the database with the input "abcd" it will then convert this
string back to "defg", checked it against the database. If it is correct, then it will allowed me to login.
Regards,
Thank you for your time. I studied only for a brief term in VB
3 years ago and my skill is not good enough to understand the coding. What I actually want is just to write a simple code - e.g. if my input text(password) is "abcd", the output text(encrypted password) should be "defg" if I want to shift 3 keys and then save it into my database file. When I next login into the database with the input "abcd" it will then convert this
string back to "defg", checked it against the database. If it is correct, then it will allowed me to login.
Regards,
Hi Iafia,
If all you want to do is shift the letters three steps you can easily do that by taking the ASCII value of each letter add three to it and then convert it back to a character, i.e.
This will work for all text input as long as you don't use the last three characters of the standard 256 ASCII character set, which I sincerely doubt will be used since they are special characters.
Hope this helps
Happy coding
Yomet
If all you want to do is shift the letters three steps you can easily do that by taking the ASCII value of each letter add three to it and then convert it back to a character, i.e.
Visual Basic 4 / 5 / 6 Syntax (Toggle Plain Text)
This will work for all text input as long as you don't use the last three characters of the standard 256 ASCII character set, which I sincerely doubt will be used since they are special characters.
Hope this helps
Happy coding
Yomet
[QUOTE=Yomet]Hi Iafia,
If all you want to do is shift the letters three steps you can easily do that by taking the ASCII value of each letter add three to it and then convert it back to a character, i.e.
This will work for all text input as long as you don't use the last three characters of the standard 256 ASCII character set, which I sincerely doubt will be used since they are special characters.
Thank you for your codes. I managed to work out a solution. It seems to work all right. But each time I tried to encrypt, the encrypted password is appended to the first encrypted password.e.g. if the first password is abc, the encrypted password would be def. However the second time I encrypt with mno, the encrypt password become defpqr instead of just pqr.
What is wrong with my coding? Please see the attached zip. Would appreciate if you could tell
me why this happen.
Regards,
If all you want to do is shift the letters three steps you can easily do that by taking the ASCII value of each letter add three to it and then convert it back to a character, i.e.
Visual Basic 4 / 5 / 6 Syntax (Toggle Plain Text)
This will work for all text input as long as you don't use the last three characters of the standard 256 ASCII character set, which I sincerely doubt will be used since they are special characters.
Thank you for your codes. I managed to work out a solution. It seems to work all right. But each time I tried to encrypt, the encrypted password is appended to the first encrypted password.e.g. if the first password is abc, the encrypted password would be def. However the second time I encrypt with mno, the encrypt password become defpqr instead of just pqr.
What is wrong with my coding? Please see the attached zip. Would appreciate if you could tell
me why this happen.
Regards,
•
•
Join Date: Dec 2004
Posts: 2,413
Reputation:
Solved Threads: 211
You never clear the results variable. The results variable always gets added to, because results = results & Chr(Asc(Mid(Password, i, 1)) + 3), which means, results is equal to results and the return of these nested functions, every time it's called (I'm not going to go into variable scope here). When the button is clicked, you need to have it set results = "" before the for loop.
A few pointers and critique here (if you are one of those people who can't stand criticism, stop reading, your answer is above).
Point 1
Indent Your Code
I know that on small projects, it's no big deal... but when you get into larger bigger projects, if you don't indent your code for clarity, YOU WILL get lost in it. Indenting is a necessary part of programming and debugging, and regardless of project size, should still be adhered to. Ideally, The code should be:
Point 2
Code Placement
You test if the textbox is empty, After you perform the operation on the textbox...(you encrypt the data in the textbox, AND THEN, you test if it's empty or not...You should test it first, because even though the for loop doesn't care if the textbox is empty, if it was different scenario, where it wrote it to a database or used it in some other means, you could encounter some problems.
Point 3
vbnullstring
You'll make your VB code run a LOT faster by replacing "" with vbnullstring where applicable. "" is still considered a sting (an empty string), where vbnullstring is a special character. 1 or 2 times probably won't make a difference, but again, on big applications you can see some serious speed increase on timestamps of running code if you make this minor adjustment, and stick to it now. It operates the same for the most part, with the exception that it's a lot faster. I don't always do it, but it's something that's really good to know and a practice that's really good to be in.
A few pointers and critique here (if you are one of those people who can't stand criticism, stop reading, your answer is above).
Point 1
Indent Your Code
I know that on small projects, it's no big deal... but when you get into larger bigger projects, if you don't indent your code for clarity, YOU WILL get lost in it. Indenting is a necessary part of programming and debugging, and regardless of project size, should still be adhered to. Ideally, The code should be:
Visual Basic 4 / 5 / 6 Syntax (Toggle Plain Text)
Point 2
Code Placement
You test if the textbox is empty, After you perform the operation on the textbox...(you encrypt the data in the textbox, AND THEN, you test if it's empty or not...You should test it first, because even though the for loop doesn't care if the textbox is empty, if it was different scenario, where it wrote it to a database or used it in some other means, you could encounter some problems.
Point 3
vbnullstring
You'll make your VB code run a LOT faster by replacing "" with vbnullstring where applicable. "" is still considered a sting (an empty string), where vbnullstring is a special character. 1 or 2 times probably won't make a difference, but again, on big applications you can see some serious speed increase on timestamps of running code if you make this minor adjustment, and stick to it now. It operates the same for the most part, with the exception that it's a lot faster. I don't always do it, but it's something that's really good to know and a practice that's really good to be in.
Iafa,
The answer to your problem is quite simple, even if not obvious. You declared all your variables in the beginning of the module. This means that they will retain their value for the whole run of the program, therefore, when you encrypt a new password the variable Result already contain the current encrypted password and hence the new password is appended.
You should take the habit of having as few public variables as possible in your programs, using parameters to pass values to functions and subs or letting each sub in a form read the values from the controls instead. This makes for better code, easier debugging (since you don't have to worry about what has been done to the vaiable somewhere else) and more variables available (since you can use the same names is different subs).
So your solutions are the following:
1) Move the variable declarations inside the Click event handler, i.e. 2) Reset the value of Result each time, i.e.
I strongly suggest the first for the reasons stated above but the second option will work as well.
Happy coding
Yomet
The answer to your problem is quite simple, even if not obvious. You declared all your variables in the beginning of the module. This means that they will retain their value for the whole run of the program, therefore, when you encrypt a new password the variable Result already contain the current encrypted password and hence the new password is appended.
You should take the habit of having as few public variables as possible in your programs, using parameters to pass values to functions and subs or letting each sub in a form read the values from the controls instead. This makes for better code, easier debugging (since you don't have to worry about what has been done to the vaiable somewhere else) and more variables available (since you can use the same names is different subs).
So your solutions are the following:
1) Move the variable declarations inside the Click event handler, i.e.
Visual Basic 4 / 5 / 6 Syntax (Toggle Plain Text)
Visual Basic 4 / 5 / 6 Syntax (Toggle Plain Text)
I strongly suggest the first for the reasons stated above but the second option will work as well.
Happy coding
Yomet
 |
Other Threads in the Visual Basic 4 / 5 / 6 Forum
- Previous Thread: please for maths student
- Next Thread: A couple of things
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Visual Basic 4 / 5 / 6 Posts
- Today's Posts
- Unanswered Threads
* 6 429 2007 access activex add age application basic beginner birth bmp calculator cd cells.find click client code college component connection connectionproblemusingvb6usingoledb copy creat ctrl+f data database datareport date delete dissertations dissertationthesis dissertationtopic edit error excel excelmacro file filename form hardware header iamthwee image inboxinvb internetfiledownload keypress label listbox listview liveperson login looping machine microsoft movingranges number objectinsert open oracle password prime program prompt range-objects readfile reading record refresh remotesqlserverdatabase report save search sendbyte sites sort sql sql2008 sqlserver subroutine tags textbox time urldownloadtofile vb vb6 vb6.0 vba visual visualbasic visualbasic6 web window windows
