Question Password And Data Encryption And Decryption In Access Database

Raz

Member
Joined
Jun 7, 2010
Messages
11
Programming Experience
Beginner
Hi

I am beginner in VB.net. I am trying to create a simple security system for a system that I have created using VB.net 2005 and MS Access 2003.

You can help me by following scenarios:


1) create users to login to the program and the passwords are encryted and save into access database (e.g. the password created is "password" but is viewed as "hnt23x7" in the database)

2) a form that allows the admin of the program to decrypt and view the "hnt23x7" as "password" in a textbox/label

3) a form that allows the users/admin to save data into the database, and encrypt the data. (e.g. the user saved "1234", and when he opens the database, its shown as "kjh76d2" in the table)

4) a form that allows the user to decrypt the "kjh76d2" and view as "1234" in a textbox/label

Many thanks for your help
 

Satal Keto

Well-known member
Joined
May 15, 2006
Messages
86
Programming Experience
5-10
Personally I've always viewed storing passwords encrypted is a bad thing, you should be hashing them. The difference between the two is that with encryption you can get the original text back, with hashing you are unable to get the original text back from the output. While this may sound unhelpful, if you hash a string for example 'a' and then hash 'a' again then you will get the same value.
So if you store the hashed password in the database when the user goes to login you application, you hash the password they supply and then if the hash that you produced from the supplied password matches the hash you have stored then the passwords supplied match (there is a possibility of having a Hash Collision, but it is extremely unlikely).
One example of a highly popular hashing algorithm is MD5, you can find some code on how to create an MD5 hash of a string here.

For point two, unless you have a good reason for allowing the administrator the ability to see the password (which I can't think of any), I would suggest building in the capability to allow for the administrator to reset the password for an account, which then the user should be able to change afterwards.

For encrypting the data that you are storing in the database, here are a couple links which will provide you with plenty of information about encryption and how to do it.
String Encryption With Visual Basic .NET

Keeping Secrets: A Guide to VB .NET Cryptography


While I know that the main part of this response has been suggesting that you not to go ahead with the way you planned on storing the passwords within the database, the links I have provided above should give you enough information to allow for you to do that anyway. My reason for suggesting that you reconsider and my explanation was to allow for you to get a betting idea of how to create more secure system.

Anyway I hope this helped you

Satal :D
 

Raz

Member
Joined
Jun 7, 2010
Messages
11
Programming Experience
Beginner
Reply

Thank you very much Satal for your constructive advice

I will work on it as you explained and come back for more help if I need.

Raz
 

Raz

Member
Joined
Jun 7, 2010
Messages
11
Programming Experience
Beginner
Encryption

Hi Satal

Thank you for your help. The Hashing of password was very usfull.

For my data encrytion and Decryption, I have downloweded (from here A class for all your encryption needs - Visual Basic , VB.NET) and created simple form that encrypt the data and decrypt it. Unfortunatelt the Ecryption work fine but decrytion does not work. Can you please see the source code of the form I have attached. I will be glad if you corrected it for me please.

Many Thanks
Raz
 

Attachments

Last edited by a moderator:

Satal Keto

Well-known member
Joined
May 15, 2006
Messages
86
Programming Experience
5-10
Heya Raz,

For future reference when attaching projects you're generally supposed to remove the bin and obj directories, this is to stop someone inserting some code into their executable but not showing it in the code and then someone trying to help out clicks on the exe and gets a virus or something. I've forgotten to remove those directories many times myself :p

Right now down to your code. One thing I would like to point out now is that I'm currently only able to test it in Visual Studio 2010, which is a different version to what your project appears to have been made with (2005 I think).

After making some simple changes to your code it seems to work for me (Result: Result.gif) I have attached the full code at the bottom of the page as I can't send you the project as its been converted to VS2010. If you try that code and it doesn't work then let me know and I'll have a look into why it works in VS2010 but not VS2005 (or what ever you're using).
The adjustments I made to your code are for example you're using functions for psEncrypt and psDecrypt but you wasn't returning anything and you was also setting the textboxes from within them. It would be better to have the functions return the encrypted and decrypted strings so that if you eventually didn't want the encrypted and decrypted values going into a textbox but rather a variable or something it would be much easier.

I hope that this helps solve your problem

Satal :D

Code:
Imports System.Text
Imports System.Collections.Specialized
Imports System.Security.Cryptography

Public Class Form1

    Private lbtVector() As Byte = {240, 3, 45, 29, 0, 76, 173, 59}
    Private lscryptoKey As String = "ChangeThis!"

    'Author      :       Nikhil Gupta
    'Description :       This function encrypts a given string
    'Parameters  :       String
    'Return Values:      Encrypted String
    'Called From :       Business Layer

    'Encrypt String
    Public Function psEncrypt(ByVal sInputVal As String) As String
        Dim loCryptoClass As New TripleDESCryptoServiceProvider
        Dim loCryptoProvider As New MD5CryptoServiceProvider
        Dim lbtBuffer() As Byte

        Try
            lbtBuffer = System.Text.Encoding.ASCII.GetBytes(sInputVal)
            loCryptoClass.Key = loCryptoProvider.ComputeHash(ASCIIEncoding.ASCII.GetBytes(lscryptoKey))
            loCryptoClass.IV = lbtVector
            sInputVal = Convert.ToBase64String(loCryptoClass.CreateEncryptor().TransformFinalBlock(lbtBuffer, 0, lbtBuffer.Length()))
            psEncrypt = sInputVal
        Catch ex As CryptographicException
            Throw ex
        Catch ex As FormatException
            Throw ex
        Catch ex As Exception
            Throw ex
        Finally
            loCryptoClass.Clear()
            loCryptoProvider.Clear()
            loCryptoClass = Nothing
            loCryptoProvider = Nothing
            'Pass the encrypted strings to text box 
            txtEncryptedData.Text = sInputVal
        End Try

        'Pass the encrypted strings to text box 
        Return sInputVal
    End Function

    'Function to Decrypt Strings
    Public Function psDecrypt(ByVal sQueryString As String) As String

        Dim buffer() As Byte
        Dim loCryptoClass As New TripleDESCryptoServiceProvider
        Dim loCryptoProvider As New MD5CryptoServiceProvider

        Try

            buffer = Convert.FromBase64String(sQueryString)
            loCryptoClass.Key = loCryptoProvider.ComputeHash(ASCIIEncoding.ASCII.GetBytes(lscryptoKey))
            loCryptoClass.IV = lbtVector
            Return Encoding.ASCII.GetString(loCryptoClass.CreateDecryptor().TransformFinalBlock(buffer, 0, buffer.Length()))
        Catch ex As Exception
            Throw ex
        Finally
            loCryptoClass.Clear()
            loCryptoProvider.Clear()
            loCryptoClass = Nothing
            loCryptoProvider = Nothing
        End Try

        'show the decrypted data
        Return sQueryString

    End Function

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim InputData As String
        InputData = txtStringToEncrypt.Text

        'pass user input to function variable
        txtEncryptedData.Text = psEncrypt(InputData)
    End Sub

    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        Dim EncryptedData As String
        EncryptedData = txtEncryptedData.Text 'Pass the encrypted strings to text box 

        ' Get the encrypted data from text box
        txtDecryptedData.Text = psDecrypt(EncryptedData)

    End Sub
End Class
 

Raz

Member
Joined
Jun 7, 2010
Messages
11
Programming Experience
Beginner
Hi Satal

Thank you very much for your help.
I use VB.Net 2005, the correction you have made worked perfect. The form does the encryption and Decryption very well.

I will come back to you if I encounter with problem.

Regards,
Raz
 

Raz

Member
Joined
Jun 7, 2010
Messages
11
Programming Experience
Beginner
Hi Satal

I tried the code you corrected it for me it is working well. My question now is how I can pass several argument to Function to encrypt and Decrypt them and display them in separate text boxes.
for example in Attachment I have two text boxes with strings to be encrypted and two text boxes to display the Encryptedstring. And Also two text boxes to decrypt the strings.


Thank you for your Help

Raz
 

Attachments

Last edited:

Satal Keto

Well-known member
Joined
May 15, 2006
Messages
86
Programming Experience
5-10
Raz,

My apologies for the late reply, I didn't notice that you had replied (apparently the subscriptions don't work properly on this forum)

You wouldn't change the functions to deal with more than one input you would just call the function a second time on the data in the other textbox. So what I have done is quickly change the code again to deal with this appropriately;
Code:
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        If txtStringToEncrypt.Text.Length > 0 Then
            txtEncryptedData.Text = psEncrypt(txtStringToEncrypt.Text)
        End If
        If txtStringToEncrypt2.Text.Length > 0 Then
            txtEncryptedData2.Text = psEncrypt(txtStringToEncrypt2.Text)
        End If
    End Sub

    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        If txtEncryptedData.Text.Length > 0 Then
            txtDecryptedData.Text = psDecrypt(txtEncryptedData.Text)
        End If
        If txtEncryptedData2.Text.Length > 0 Then
            txtDecryptedData2.Text = psDecrypt(txtEncryptedData2.Text)
        End If
    End Sub
Satal :D
 

Raz

Member
Joined
Jun 7, 2010
Messages
11
Programming Experience
Beginner
Many thanks Satal for your help.

You helped me alot on this issue. Every changes you made worked perfect for me.
 
Top Bottom