Simple Password Strength Checker with PWned Online Check

V2.52 Update:

🔍 Primary Functionality

This module powers a password input form that:

1. Evaluates Password Strength
• Checks for:
    • Length (10–20 characters)
    • Repeated/sequenced characters
    • At least 2 numbers, 2 uppercase, 2 lowercase, and 1 special character
    • Whether the password is common (e.g., "password", "admin")

2. Scores and Visualizes Strength
• Uses a scoring system (0–100) based on rule compliance
• Displays one of six images to represent strength
• Updates rule labels with ✓ or ✗ and color-coded feedback

3. Hashes Passwords
• Supports SHA-1 and SHA-256
• Implements SHA-1 and SHA-256 manually in VBA (no external libraries)

4. Checks for Breaches via HIBP
• Converts SHA-256 to SHA-1 if needed
• Calls the HaveIBeenPwned API using the k-anonymity model
• Displays breach count or confirmation of safety

5. Polishes UX
• Toggle password visibility
• Double-click to clear field and reset UI
• Dynamic font fallback for rule labels
• Real-time feedback on password changes

🔐 Security Awareness
• Integrates HIBP breach checking
• Encourages strong password practices
• Avoids sending full hashes (uses prefix model)

🎯 User-Centric UX
• Immediate feedback on password quality
• Visual indicators (images, color-coded labels)
• Conditional prompts (e.g., SHA-256 to SHA-1 conversion)
• Cursor placement and input masking handled gracefully

🛠️ Robust Error Handling
• used consistently
• Debug logging throughout for diagnostics
• Graceful fallback behavior (e.g., font selection, control existence)

🧪 Custom Cryptographic Implementation
• Implements SHA-1 and SHA-256 from scratch
• Handles bitwise rotation and 32-bit wrapping manually
• Demonstrates deep understanding of hashing internals
 

V2.53 Update

Supports SHA-1, SHA-256, SHA-512, MD5, RIPEMD150 for password scoring; auto-converts to SHA-1 for online breach check; PURE VBA - no external DLLs, no .NET dependency.
 

@Jason Lee Hayes
I would like to download v2.52 and 2.53 for testing, but unless I'm being very dense, you haven't uploaded the files here (screenshots only)
 
V2.56 Update News

This release adds a built‑in entropy calculation to the password validator and explains what entropy means, how it’s measured, and how to improve it.

Why Entropy Matters

Password entropy measures how unpredictable a password is and therefore how resistant it is to guessing or cracking attacks such as brute force, credential stuffing, and dictionary attacks. Higher entropy means more possible combinations and a much longer time required for an attacker to succeed.

How Entropy Is Calculated

The entropy formula is:
E is the entropy in bits.
R is the size of the character set used (for example, 26 for lowercase only, 62 for letters plus digits, 94 for most printable ASCII).
L is the password length.

Example calculation: for an 8‑character password using a 94‑character set,
Guideline: aim for 75 bits for high‑security accounts; 60 bits is generally considered strong for everyday use.

How to Increase Entropy
• Use diverse character sets. Include uppercase, lowercase, digits, and symbols to increase R.
• Increase length. Each additional character multiplies the search space and raises entropy significantly.
• Avoid predictable patterns. Do not use dictionary words, repeated characters, or simple sequences like or .
• Prefer passphrases or random generation. A memorable passphrase of several unrelated words or a randomly generated string gives high entropy with fewer usability tradeoffs.
• Use a password manager. It generates and stores high‑entropy passwords, so you don’t have to memorize them.

Practical Guidance
• Balance security and usability. Very high entropy is ideal, but if users resort to insecure workarounds, overall security falls.
• Examples: is stronger than; a truly random string like is stronger still but harder to remember.
• Policy suggestion: require a minimum entropy target (for example 60–75 bits) and offer a password generator and passphrase guidance to help users meet it.

Password entropy is a core concept for protecting accounts and should guide password policies, user guidance, and automated password generation.
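
An added Python example (not the tool's VBA code, which is not posted in the thread) of a pool-based entropy estimate using the E, R and L defined in the post, with the standard formula E = L × log2(R). The function names and sample passwords are assumptions; the 60 and 75 bit thresholds are the post's guideline figures.

```python
import math
import string

# Character classes and their sizes; together they form the 94-symbol
# printable-ASCII pool (space excluded) quoted in the post.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password: str) -> int:
    """R: sum of the sizes of every class the password draws from.
    Characters outside the four classes (space, non-ASCII) add nothing."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def entropy_bits(password: str) -> float:
    """E = L * log2(R). This is an upper bound: it assumes every character
    was picked uniformly at random from the pool."""
    r = pool_size(password)
    return len(password) * math.log2(r) if r > 1 else 0.0

def min_length(target_bits: float, r: int) -> int:
    """Shortest L that reaches target_bits for a pool of size r."""
    return math.ceil(target_bits / math.log2(r))

def rating(bits: float) -> str:
    # Thresholds are the 60- and 75-bit guideline figures from the post.
    if bits >= 75:
        return "high-security"
    return "strong" if bits >= 60 else "below target"

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the tool.
    for pw in ("aB3$xY7!", "Password1!", "correcthorsebatterystaple"):
        e = entropy_bits(pw)
        print(f"{pw!r:30} R={pool_size(pw):2} L={len(pw):2} "
              f"E={e:6.2f} bits  {rating(e)}")
    print("lowercase-only length for 75 bits:", min_length(75, 26))
    print("full-pool length for 75 bits:", min_length(75, 94))
```

"Password1!" rates as strong on this estimate even though it is a predictable pattern, which is why the entropy figure is paired with the common-password and breach checks rather than used alone.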

 

Why is the password length limited to 20 characters? That's too short in my opinion.
 
InView Password Checker V2.58 Final (PureVBA)

Added: AES-256 Encryption of Raw Password & UI Updates

No .Net or .DLL Dependency

InView Hybrid Password Strategy

Workflow Overview:
    • Hash the password using a strong algorithm (e.g., SHA-512) for internal scoring and uniqueness.
    • Encrypt the original password using AES-256 to protect it in memory and optionally for secure storage.
    • Convert the raw password to SHA-1 to meet HaveIBeenPwned (HIBP) compatibility requirements.
    • Transmit only the SHA-1 prefix (first 5 characters) to HIBP using their k-anonymity model.

Although this layered approach isn't conventional, it offers distinct advantages in runtime safety, privacy preservation, and breach detection accuracy.

✅ Key Advantages

1. Memory Protection
Encrypting the raw password immediately after hashing minimizes its exposure in RAM. Even if memory is inspected or dumped, the plaintext is no longer accessible — only the encrypted version remains.

2. Separation of Duties
    • Hashing supports internal scoring, entropy analysis, and uniqueness checks.
    • Encryption enables optional reversible storage for syncing, auditing, or rehashing — without compromising hash integrity.

3. Hash Isolation
Hashes used internally (e.g., SHA-512) are never reused for external breach checks. HIBP queries rely solely on SHA-1 of the raw password, preventing cross-system hash leakage.

4. Privacy-Preserving HIBP Queries
Only the first 5 characters of the SHA-1 hash are sent to HIBP, ensuring that full hashes or passwords are never exposed — even in transit.

5. Entropy Enhancement
Transforming the password through SHA-512 before converting to SHA-1 ensures that even common inputs like "123456" yield non-standard SHA-1 values. This reduces false positives and avoids leaking canonical forms of weak passwords.

🧠 Best Practice for HIBP Integration
To maximize security and compatibility:
    • Hash the password (e.g., SHA-512) → for scoring and internal use
    • Encrypt the raw password (AES-256) → for optional secure storage
    • Convert the raw password to SHA-1 → for HIBP breach check
    • Send only the SHA-1 prefix → to HIBP API using k-anonymity
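
The k-anonymity range lookup from the workflow, as an added Python example (not the tool's VBA code, which is not posted in the thread): SHA-1 of the raw password, only the five-character prefix sent, suffix matched locally. `offline_fetch`, the sample response and its counts are constructed assumptions standing in for the HTTPS call; `pwned_count_prehashed` shows that taking SHA-1 over a SHA-512 digest instead of the raw password finds no match, because the breach corpus is keyed by SHA-1 of the password itself.

```python
import hashlib
from typing import Callable

# Constructed range response for prefix 5BAA6: "SUFFIX:COUNT" lines, CRLF
# separated. The counts are made up; a count of 0 marks a padding entry.
SAMPLE_RANGE = {
    "5BAA6": "0018A45C4D1DEF81644B54AB7F969B88D65:3\r\n"
             "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42\r\n"
             "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:0\r\n",
}

def offline_fetch(prefix: str) -> str:
    """Hypothetical stand-in for an HTTPS GET of the range endpoint."""
    return SAMPLE_RANGE.get(prefix, "")

def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

def pwned_count(password: str, fetch: Callable[[str], str]) -> int:
    """Return the breach count for password, or 0 if it is not listed."""
    digest = sha1_hex(password)          # SHA-1 of the raw password
    prefix, suffix = digest[:5], digest[5:]
    body = fetch(prefix)                 # only these 5 hex chars are sent
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # the comparison happens locally
            return int(count)
    return 0

def pwned_count_prehashed(password: str, fetch: Callable[[str], str]) -> int:
    """Same lookup, but SHA-1 over a SHA-512 hex digest of the password."""
    inner = hashlib.sha512(password.encode("utf-8")).hexdigest()
    return pwned_count(inner, fetch)

if __name__ == "__main__":
    print(pwned_count("password", offline_fetch))            # listed
    print(pwned_count_prehashed("password", offline_fetch))  # missed
    print(pwned_count("constructed-unlisted-example", offline_fetch))
```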
 
