422,757 Members | 1,364 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 422,757 IT Pros & Developers. It's quick & easy.

Implementing newer Password Hashing Algorithms

P: 5

I'm creating a user log in form in VBA for an Access Database project I'm working on. I was fortunate enough to be able to implement SHA256 Hashing using the code found on this site (https://bytes.com/topic/access/insights/906938-sha2-cryptographic-hash-algorithm-vba-vbscript).

However, I was wondering if anyone had used, or knew of any, source code for newer/slower password algorithms such as BCrypt, SCrypt, PBKDF2, etc.

I've been looking around online for implementations of some of these functions in VBA, and haven't had much success.
I'm considering trying to reverse engineer one of the available algorithms and try to port it to VBA, but I'd like to avoid doing this if possible (mostly because I don't think I'd be too successful).

Thank you!
Sep 1 '17 #1
Share this Question
Share on Google+
4 Replies

Expert Mod 15k+
P: 30,741
If I'm honest it's only Rabbit that deals with such things here.

The rest of us use his work ;-)
Sep 2 '17 #2

Expert Mod 10K+
P: 12,204
I ported from existing C or Java code I found on the web. Unfortunately I haven't looked at those other algorithms you mentioned.
Sep 5 '17 #3

P: 5
I understand.
I'm taking a look at the algorithms to see if I can do it.

I'm still trying to tear BCrypt apart to see how it works, since even if I can't port it, I'd still like to understand it.

Interestingly enough, I haven't found the wealth of information I was expecting.
I did find a fairly in depth explanation of SCrypt, so I'm taking a look at that.

Its probably overkill since ultimately the log in passwords will be stored in an Access Database Backend that will be encrypted by a password and store on a file share with restricted permissions.

But I like the idea of proper overkill.

I'll post back if I come up with anything of note.
Sep 8 '17 #4

Expert Mod 15k+
P: 30,741
Most people use the account that's logged on to determine who the user is. It's not always appropriate but when it is then it's a far more reliable way of handling security than building your own.
Sep 9 '17 #5

Post your reply

Sign in to post your reply or Sign up for a free account.