473,320 Members | 1,867 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Converting AES Algorithm to work on strings

Moderator: Split off from https://bytes.com/topic/access/insig...m-vba-vbscript


I am desperately searching for a routine to AES encrypt a password that is submitted in an access form as a string and then I will use DAO to write it to a linked SQL table. I have tried over and over to convert the example you gave but am totally lost and its nowhere close to working. I have been looking for a solution for over a year. Any help would be greatly appreciated.
Jun 8 '18 #1
4 3031
NeoPa
32,556 Expert Mod 16PB
I don't have code for AES but there is some for the RC4 algorithm that Rabbit also posted (RC4 Encryption Algorithm for VBA and VBScript).
Jun 9 '18 #2
Rabbit
12,516 Expert Mod 8TB
Before you decide to encrypt a password, I would say that the standard practice with passwords is to store a hash.
Jun 10 '18 #3
I am sorry, I am probably using the wrong terminology.

We currently have two databases that use SQL server as a backend. We have a web based front end that is very user 'Not Friendly'. We also have an Access front end that is connected to the same DB. The web based (.NET) stores passwords in the backend in the format, rnIsAJU2Gu80bH51pNrgovB+FiS8fdONtu6n5FBwMKc= (this represents the user password - default123).

We are not trying to create Fort Knox. I simply want to make sure the real passwords are not visible anywhere if someone should happen to gain access to the tables. Typically other IT staff.

We want to be able to create the same passwords that would be generated in the web base front end through the Access front end so we can use the same passwords for both applications. We have tons more information that we collect on the Access end and it is far easier to create new users there with the exception of creating an encrypted pw. Currently the users have two passwords. One for the web front end that is encrypted and one for the Access front end that is not. I want to get rid of the non-encrypted Access password on only have one for both. I am told the web front end uses AES encryption and we have enough knowhow to get the 'encryption key' out of the .NET code. (Im sure I didn't use the right terminology, HASH, Key, etc.).

I simply want to convert the desired password such as the default123 to the example given and be able to store it in the same fashion the web front end is already doing. I will also convert the password entered at login and compare it to the stored value to allow or disallow access to the system.

I hope this is a better explanation of what I am trying to do. I have a pretty good grasp on basic VBA and can usually decipher what is going on in the code but I wasn't able to convert your example to something I could use. I actually got it to take a variable and return an encrypted string at the end but I still have no idea where the (key or HASH or whatever it is call should go).

All help is greatly appreciated!!
Jun 11 '18 #4
Rabbit
12,516 Expert Mod 8TB
Before you go the path of modifying the code to spit out a string, you should make sure you're both using the same version of the algorithm.

The code in the linked article is for the 256-bit version of AES in CBC or EBC mode. There is no salt/nonce/IV incorporated.

Security Disclaimer: Refrain from storing passwords, encrypted or not. It should be stored as a hash with a salt. If you must store a password in encrypted format, then you should use a salt.

Once you have confirmed that both of you are using the same version of the algorithm. Then to modify it to spit out a string, you will need to rewrite all references to files and file writing to work on string variables.

Also, it looks like the output from the web version is further encoded in Base-64. You will need to create your own version of that as that's not part of AES.
Jun 12 '18 #5

Sign in to post your reply or Sign up for a free account.

Similar topics

11
by: Laurent Therond | last post by:
Maybe you have a minute to clarify the following matter... Consider: --- from cStringIO import StringIO def bencode_rec(x, b): t = type(x)
3
by: pw | last post by:
Hello, How can I typecast a date generated from VARCHAR fields into a date field ie: UPDATE inventory SET date_field = vc_year||'-'||vc_month||'-'||vc_day;
7
by: Paul K | last post by:
I'm writing a small component that needs to be as fast as possible. The component needs to convert a string to decimal during the course of it's processing. However, I need to test the string...
113
by: Bonj | last post by:
I was in need of an encryption algorithm to the following requirements: 1) Must be capable of encrypting strings to a byte array, and decyrpting back again to the same string 2) Must have the same...
2
by: Bernie Yaeger | last post by:
I'm using the following function (I'm displaying the guts of it only) to convert a datatable to an excel spreadsheet: For Each mrow In dt.Rows rowindex += 1 colindex = 0 For Each col In...
10
by: robin | last post by:
hi, i'm doing some udp stuff and receive strings of the form '0.870000 0.250000 0.790000;\n' what i'd need though is a list of the form i got to the part to obtain a string '0.870000 0.250000...
4
by: fatboySudsy | last post by:
hi there, I have been struggling for a while with a client/server program. I have to authenticate in order to log on correctly. I have managed to get most things sorted, asking for username (...
3
by: nvx | last post by:
Hi, I'm looking for a simple way to convert a Double to a String exactly the .ToString() does, except these two differences: - the number of decimals is given (rounding is applied if necessary),...
4
by: josha13 | last post by:
I am very new to C++ and I am trying to figure out how to convert a number to a string (even in the simplest case such as #include <iostream> #include <sstream> using namespace std; int main...
1
by: harmanjeet | last post by:
hello friends, I want to read a Bitmap file in C language and produce the binary equivalent of it in the form of 0's and 1's. Can you please help me in writing a code for this. If you can spare...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.