Discussion:
md5 hash function for MS Access
(too old to reply)
Nathan Given
2003-07-09 18:16:03 UTC
Permalink
I've spent some time looking over past postings, I can't find anything
super useful...

I just want to hash my already existent password field (it is a text
field) into a new field using a one way md5 hash technique (in fact,
it needs to be the same one as mysql uses, is this possible?).

When I built the database I didn't know I could hash passwords... so
that is why I need to convert all the old passwords into hashed
passwords.

How do I do this? Is there something I can download somewhere?

Thanks!
--
Nathan
TC
2003-07-10 03:32:56 UTC
Permalink
Post by Nathan Given
I've spent some time looking over past postings, I can't find anything
super useful...
I just want to hash my already existent password field (it is a text
field) into a new field using a one way md5 hash technique (in fact,
it needs to be the same one as mysql uses, is this possible?).
When I built the database I didn't know I could hash passwords... so
that is why I need to convert all the old passwords into hashed
passwords.
How do I do this? Is there something I can download somewhere?
There used to be a VBA crypto module called EBCrypt, but I can't find its
website now.

Do a google groups search on "md5 vba", you'll find hundreds of entries.

Be aware, however, that some of the VBA crypto code on the web is very slow,
& sometimes hopeless in other ways - eg. procedures that store file byte
lengths in integer variables!

TC
Nathan Given
2003-07-10 17:19:44 UTC
Permalink
Thanks for your help.

After thinking about what I was trying to do, I managed to figure
something out. It is kind of the "long" way to do things, but it gets
the job done.

Since I only need to do this once, I decided to import all my data
into mysql via odbc (I was amazed how easy it was with MS Access).

After that, I was able to use a pass-through query to bring the
information back, but I added a column this time... md5(password).
So it returned not only the un-encrypted password but the md5 hash
also.

Take Care!
--
Nathan
TC
2003-07-11 05:21:48 UTC
Permalink
No way! He wanted it to store hashed passwords. With your scheme, if
someone can get two hashed passwords, they just XOR them together, &
thereby get your XOR mask (E9E9E9E9...). Then they can encrypt &
decrypt any passwords, as they choose!

Your scheme is a symmetric XOR cipher. You should never encrypt >1
plaintext with the same key (eg. E9E9E9E9...) of a symmetric XOR
cipher. It is subject to the simple attack described above. An example
of this, is the MS Access database password(!)

Passwords should be encrypted with a one-way hash function (eg. MD5,
as the OP suggested).

TC
Public Function Scramble(ByVal txt As String)
'Scramble/Unscramble strings (simple encryption)
'
' Debug.Print Scramble("Stuart")
' Result: ºo^>
'
' Debug.Print Scramble("ºo^>")
' Result: Stuart
Dim i As Long
Dim s As String
'
If txt = "" Then Exit Function
For i = 1 To Len(txt)
s = s & Chr$(Asc(Mid$(txt, i, 1)) Xor &HE9)
Next
Scramble = s
End Function
Post by TC
Post by Nathan Given
I've spent some time looking over past postings, I can't find anything
super useful...
I just want to hash my already existent password field (it is a text
field) into a new field using a one way md5 hash technique (in fact,
it needs to be the same one as mysql uses, is this possible?).
When I built the database I didn't know I could hash passwords... so
that is why I need to convert all the old passwords into hashed
passwords.
How do I do this? Is there something I can download somewhere?
There used to be a VBA crypto module called EBCrypt, but I can't find its
website now.
Do a google groups search on "md5 vba", you'll find hundreds of entries.
Be aware, however, that some of the VBA crypto code on the web is very
slow,
Post by TC
& sometimes hopeless in other ways - eg. procedures that store file byte
lengths in integer variables!
TC
Loading...