Need help to encrypt and decrypt password in VB

I don't personally suggest the method you are inquiring about.... most password systems as of late, have been using an MD5 (or some other algorithm) to "Hash" the password. Just a little defination here, a Hash is a string that can NOT be decrypted. It's gone through some crazy algorithms that make the string permanently encrypted. Under normal circumstances, this doesn't seem like a very good plan huh? What we do next, though, is when we want to see if the password is correct, is we use the exact same algorithm to Hash what the user types in for the password, and compare the two Hashes with each other. Naturally, if both Hashes are identical, then the password must clearly be the same too. This increases the workload of a password cracker significantly, and adds countless more attempts to a bruteforce attack.

There are pretty good encryption algorithms out there that are pretty darn secure, and at the same time, are decryptable (such as blowfish and triple des) and most of these require a key pair, that gets generated, and only the partner key of something encrypted can decrypt it.

If you aren't THAT worried about security, and only want to keep prying eyes from seeing the password in plain text, then you could do something as simple as an XOR encryption, which is nothing more than an exclusive OR of bits.

I don't personally suggest the method you are inquiring about.... most password systems as of late, have been using an MD5 (or some other algorithm) to "Hash" the password. Just a little defination here, a Hash is a string that can NOT be decrypted. It's gone through some crazy algorithms that make the string permanently encrypted. Under normal circumstances, this doesn't seem like a very good plan huh? What we do next, though, is when we want to see if the password is correct, is we use the exact same algorithm to Hash what the user types in for the password, and compare the two Hashes with each other. Naturally, if both Hashes are identical, then the password must clearly be the same too. This increases the workload of a password cracker significantly, and adds countless more attempts to a bruteforce attack.

There are pretty good encryption algorithms out there that are pretty darn secure, and at the same time, are decryptable (such as blowfish and triple des) and most of these require a key pair, that gets generated, and only the partner key of something encrypted can decrypt it.

If you aren't THAT worried about security, and only want to keep prying eyes from seeing the password in plain text, then you could do something as simple as an XOR encryption, which is nothing more than an exclusive OR of bits.

Thanking you for your reply. I know what you mean. The problem lies in the codng. How shall I get it done?

Ok, This code was taken from http://www.frez.co.uk/freecode.htm#md5. You can use the class module to instantiate an instance and use the md5 call of it. Like so:

Dim oMD5 As CMD5
Set oMD5 = New CMD5
Hash  = oMD5.MD5("Your Password Here")

Attached is the test project appended to the site I previously mentioned.

Hi,
Thank you for your time. I studied only for a brief term in VB
3 years ago and my skill is not good enough to understand the coding. What I actually want is just to write a simple code - e.g. if my input text(password) is "abcd", the output text(encrypted password) should be "defg" if I want to shift 3 keys and then save it into my database file. When I next login into the database with the input "abcd" it will then convert this
string back to "defg", checked it against the database. If it is correct, then it will allowed me to login.

Regards,

Hi Iafia,

If all you want to do is shift the letters three steps you can easily do that by taking the ASCII value of each letter add three to it and then convert it back to a character, i.e.

Dim Password As String
Dim i As Integer
Dim Return As String

Return = ""
For i = 1 To Len(Password)
   Return = Return & Chr(Asc(Mid(Password, i, 1)) + 3)
Next

This will work for all text input as long as you don't use the last three characters of the standard 256 ASCII character set, which I sincerely doubt will be used since they are special characters.

Hope this helps

Happy coding

Yomet

Hi Iafia,

If all you want to do is shift the letters three steps you can easily do that by taking the ASCII value of each letter add three to it and then convert it back to a character, i.e.

Dim Password As String
Dim i As Integer
Dim Return As String

Return = ""
For i = 1 To Len(Password)
   Return = Return & Chr(Asc(Mid(Password, i, 1)) + 3)
Next

This will work for all text input as long as you don't use the last three characters of the standard 256 ASCII character set, which I sincerely doubt will be used since they are special characters.

Thank you for your codes. I managed to work out a solution. It seems to work all right. But each time I tried to encrypt, the encrypted password is appended to the first encrypted password.e.g. if the first password is abc, the encrypted password would be def. However the second time I encrypt with mno, the encrypt password become defpqr instead of just pqr.
What is wrong with my coding? Please see the attached zip. Would appreciate if you could tell
me why this happen.
Regards,

You never clear the results variable. The results variable always gets added to, because results = results & Chr(Asc(Mid(Password, i, 1)) + 3), which means, results is equal to results and the return of these nested functions, every time it's called (I'm not going to go into variable scope here). When the button is clicked, you need to have it set results = "" before the for loop.

A few pointers and critique here (if you are one of those people who can't stand criticism, stop reading, your answer is above).

Point 1
Indent Your Code
I know that on small projects, it's no big deal... but when you get into larger bigger projects, if you don't indent your code for clarity, YOU WILL get lost in it. Indenting is a necessary part of programming and debugging, and regardless of project size, should still be adhered to. Ideally, The code should be:

For i = 1 To Len(Password)
    Result = Result & Chr(Asc(Mid(Password, i, 1)) + 3)
Next

If Text1.Text = "" Then
     MsgBox "Please key in your password"
Else
     Text2.Text = Result
End If

Point 2
Code Placement
You test if the textbox is empty, After you perform the operation on the textbox...(you encrypt the data in the textbox, AND THEN, you test if it's empty or not...You should test it first, because even though the for loop doesn't care if the textbox is empty, if it was different scenario, where it wrote it to a database or used it in some other means, you could encounter some problems.

Point 3
vbnullstring
You'll make your VB code run a LOT faster by replacing "" with vbnullstring where applicable. "" is still considered a sting (an empty string), where vbnullstring is a special character. 1 or 2 times probably won't make a difference, but again, on big applications you can see some serious speed increase on timestamps of running code if you make this minor adjustment, and stick to it now. It operates the same for the most part, with the exception that it's a lot faster. I don't always do it, but it's something that's really good to know and a practice that's really good to be in.

Iafa,

The answer to your problem is quite simple, even if not obvious. You declared all your variables in the beginning of the module. This means that they will retain their value for the whole run of the program, therefore, when you encrypt a new password the variable Result already contain the current encrypted password and hence the new password is appended.

You should take the habit of having as few public variables as possible in your programs, using parameters to pass values to functions and subs or letting each sub in a form read the values from the controls instead. This makes for better code, easier debugging (since you don't have to worry about what has been done to the vaiable somewhere else) and more variables available (since you can use the same names is different subs).

So your solutions are the following:
1) Move the variable declarations inside the Click event handler, i.e.

Private Sub Command1_Click()
   Dim Password As String
   Dim i As Integer
   Dim Result As String
....

2) Reset the value of Result each time, i.e.

...
Result = ""
For i = 1 To Len(Password)
...

I strongly suggest the first for the reasons stated above but the second option will work as well.

Happy coding

Yomet

In truth I agree with Yomet on this.... I didn't want to delve into variable scope, because some people have a real hard time understanding scope... the best solution is to put the variables in the proper scope.

Hi Comatose,

Thanks for the pointer about vbNullString, I had no idea that it would speed the application and will start using it immediately.

As for your other comments I could not agree more to what you are saying.

Thx

Yomet

Hi Comatosa and Yomet,
Thank you for your feedback and help. One last question. I have tried the codes and link it to my Access database and it works. Let say I add a command button called Login on the same form, when I click on it, it will verify the encrypted password that it saves earlier and match it to the database. It will then let me login if the password is the same and reject me if it is not. Would appreciate if you could guide me to write the coding. Please see attached zip.

Hi Comatose and Yomet,
First my apology to Comatose for spelling your name incorrectly. I have just found out that when I key in any password with the letter "y", e.g. "yacht" which will translate into an "|dfkw" which has pipe symbol in first char, I can't save it into the datebase. It gives" Error 3075 inserting, syntax error in string n query exp |dfkw".
What does that mean?
Thank you.
Regards,

Hi,
Can someone please tell me why I get the error msg "Run-time error '91' object variable or with block not set" when I tried to save my encrypted password. I have used the same coding from the main form(OrderDetails) and it works fine but not for this saving of password.
Please take a look at the zip files. I appreciate your comment and help. Thank you.
Regards,

Iafa,

Could you please repost your project since I keep getting the error:
File not found: "<project path>\testing\save.frm"

It seems you made some changes to the names in your "testing" project and then didn't update the MCW_Main project you attached.

I want to help you but I cannot continue without the updated project. A little hint, move your "Save.frm" from testing to MCW_Main it will make it easier for you to include it and for us to follow since there's only one directory concered.

As for your problem, I had a hunch but it proved wrong, please help me help you.

Thx

Yomet

Hi Yomet,
Thank you very much for your reply. While waiting for solution to my problem with the coding, I have through tried and error for the past few days and finally get to finish my project. It is still not 100% completed. Please see the attached zip. I still need some help from you. Firstly, if I want to search the database for a particular Order No, I just need to key in the Order No and clicking on the search command, it will retrieve the details of that particular order. How shall I write the code for the search command? Secondly, by scrolling with the arrows, I can see each order one by one, if I want to retrieve all the orders together in a table using a command button, how shall I write the code?
Lastly, is there a way to encrypt the Order Nos and Qty as well using a command button? Your help and guidance is very much appreciated.
Regards,

Iaifa,

Sorry for the late reply but my HD died on Fri night and then my Motherboard fried last night.... :(

Good to hear that you made some progress on the project it seems to be doing the encryption well now, at least I didn't get any of the errors you specified in your previous postings, i.e. "Syntax error in query" and "Object variable not set" so I assume that you have corrected these two problems. If not just say so.

Now for the three current questions:

How to search the database:
Add a button to your OrderDetails form and paste the following code into the event procedure

adoOrders.CommandType = adCmdText
    adoOrders.RecordSource = "SELECT * FROM OrderDetails WHERE [Order No] = 'MCW0003'"
    adoOrders.Refresh

As you can see you set the type of command that the ado uses to be of text type, you then set the actual query statement you want and last do a refresh. The only thing you need now is a text box for entering the order number and you're set.

How to display a list of all orders:
I would create a form with a list box with as many comlumns as you need and then loop through the recordset to populate the listbox. Remember that you don't need to use the data control if you just declare a recordset type variable, i.e.

Private Sub PopulateListbox()
    Dim conn As Connection
    Dim rs As Recordset
    
    Set conn = New ADODB.Connection
    conn.Provider = "Microsoft.Jet.OLEDB.4.0;"
    conn.ConnectionString = App.Path & "\MCW2002.mdb"
    conn.Open
    Set rs = New ADODB.Recordset
    rs.Open "SELECT * FROM OrderDetails", conn
    While Not rs.EOF
        'Populate your listbox here
        rs.MoveNext
    Wend
    rs.Close
    Set rs = Nothing
    conn.Close
    Set conn = Nothing
End Sub

Sure coding everything and using variables instead of controls makes for more typing, however, (and this is a BIG however) it gives you total control over when and how recordsets open, close and refresh. This is VERY important when you start dealing with many recordsets at once. For example a form with 10 Data controls on tables of a few thousand records each will be slow to load (it has to populate all the controls at load time) whereas a form using variables will load immediately, unless you load all the variables in the Form_Open sub, and then you can deal with the recordsets after.
Another thing here is to make sure you close and release (Set rs = Nothing) the recordsets and connections when you are done with them, I trust no language to do the memory cleaning if I can do it myself.

Encrypting order numbers and quantites:
Sure you can encrypt these details, just use the same method as for encrypting the passwords. I am just wondering why you would like to encrypt these details but that's part of your decision making.

Hope these answers help and

Happy coding

Yomet

Hi Yomet,
Sorry to hear about your harddisk and motherboard. I appreciate your time and
guidance. Thank you for your help in coding. I can now submit my project finally.
It is nice to know that there are nice people like you and others out here willing to spend their time to help others. Wishing you all the best in whatever you do.

Best Regards,

Hi Yomet,
Sorry to hear about your harddisk and motherboard. I appreciate your time and
guidance. Thank you for your help in coding. I can now submit my project finally.
It is nice to know that there are nice people like you and others out here willing to spend their time to help others. Wishing you all the best in whatever you do.

Best Regards,

Hi Yomet,
It is me again. I though I won't trouble you again but have to as my
teacher said that the project I submitted have a major flaw as it allow one to save duplicate userid. How do I write code to prevent it from doing so? I was thinking of using a msgbox to warn me if I have a same userid in the database when I try to save but at a loss as to how to do the coding. Would appreciate if you or anyone who know to guide me along. Thanking you in advance. Attach is my project in zip form.