Encryption...

xPaul

Registered User.
Local time
Today, 09:21
Joined
Jan 27, 2013
Messages
65
Hi all,

Just a quick one for me.

I have a 'passwords' table which holds an amount of information which I would use alongside other authorised people.

I have implemented my own terms of security:

You can only access the DB if your Windows Login user name is stored in the BE
Input masks to stop shoulder surfing.

When the passwords form is loaded, you see the password you require in asterisks. When you click on the field this is then unmasked as thus can be copied.

I'd like to further increase the security of the passwords table, and I have been thinking about encryption.

Would it be possible to:
1. Firstly implement encryption that will encrypt all of my previous records?
2. Secondly would it be possible to achieve what I have done in the past but with encryption - when the text box is clicked on the password is revealed (however it is decrytped)?
3. If so, how fast is the encryption / decryption process?

I have looked at the following resources for my idea:
http://www.access-programmers.co.uk/forums/showthread.php?t=193695
http://support.microsoft.com/kb/104875
http://www.everythingaccess.com/tut...g-the-encryption-type-in-Access-2007&Rated=V5
 
the easiest way to encrypt data is a character by character bitwise xor operation, I think.

pick a constant (between 1 and 255), and xor each char of the password with the constant

Code:
 enctyptedstring=""
 for x=1 to len(mystring)
    encryptedstring = encryptedstring & mid(mystring,x,1) xor myconstant 
 next
the thing about xor is that repeating the process gives you the original string back - which makes it easy to use for a "light" encryption.

now a simple encryption like this can lends itself to a frequency analysis attack.

you make it harder though, by using a phrase, rather than a single constant, and moving the xor constant one place with each successive character.

store the encrypted password. compare the unencrypted version of that password with the text that the user entered. You never have to disclose the actual password, unless you really want to.

all this password stuff is virtually instant. even complex stuff like MD5 hashing (not really useful for your purpose). just find an encryption/decryption method you like.
 
Last edited:

Users who are viewing this thread

Back
Top Bottom