Good evening all.

I'm new here in the forums and i want to ask a question related to encryption.

I'm making a database that will need to have a login system since users will have different permissions based on their role.

Of course, i don't want to store plain text passwords in a table, so i need an encryption process for them. I could make a simple one using XOR but wanted something a bit more secure.

I searched a lot but wasn't able to find a VBA implementation for this.

Twofish has a VB version but i don't know how to put it to work (and in their website they say it needs to be compiled before used so i guess it won't work in access).

So can anyone help me with this? where can i find an encryption algorithm to use?
Thanks in advance!

You don't need encryption for your passwords. You just need to store a hash value of the password. Other than encryption, which is two-way, a hash is a deterministic one-way conversion. As the user is supposed to enter the raw password anyway, you can always apply the hash algorithm and compare the result to the hash you stored.

There are implementations for the MD5 hashing algorithm available for VB(A). - MD5 is not considered cryptographically secure, but I guess for the security level of an Access database it is still good enough.

I'm very much not an Access user, but I had this in Excel, and hopefully VBA is VBA

Uses a class (in attachment) but this is sample usage.

I'm sure you can polish it up



Option Explicit


Sub Demo()


MsgBox CheckPW


End Sub




Function CheckPW() As Boolean
Dim oCrypto As clsSHA256
Dim pwStored As String, pwEntered As String
Dim iTries As Long

CheckPW = False

Set oCrypto = New clsSHA256

'probably stored in the database
pwStored = oCrypto.SHA256("password")

Debug.Print "Stored PW = " & pwStored

iTries = 3

Do
pwEntered = InputBox("Enter PW", "The Password Please", vbNullString)

Debug.Print "Raw entered PW = " & pwEntered

If Len(pwEntered) = 0 Then Exit Function

pwEntered = oCrypto.SHA256(pwEntered)


Debug.Print "Encrypted entered PW = " & pwEntered


If pwStored <> pwEntered Then
iTries = iTries - 1
If iTries > 0 Then MsgBox "Wrong password, Try #" & iTries & " left", vbCritical + vbOKOnly, "Enter Password"
End If

Loop Until (pwStored = pwEntered) Or (iTries = 0)


If iTries = 0 Then Exit Function


CheckPW = True


End Function

Thanks PhilS and Paul for the help.

Phils:
I didn't think about hashing... But eventually it's all that's needed indeed! I'll search for a MD5 hashing algorithm and take a look.

Paul_Hossler:
Thanks for the code. I've downloaded already and will take a look also. Then i'll decide which one to use.

But only tomorrow... Here is almost 11pm... Going to sleep...

Thanks guys!

It works great!

Thanks for the help.

This problem is solved!