Thanks for the update
I did not know that. I dislike using VBA and VBScript (out of my comfort
zone). What I have now seems to work ok.
If there are any problems I can point those who like working with VBA or
VBScript to such an implementation. Do you have any links to such VBA
/VBScript code?
If you are concerned that someone can easily read your VBA code and your
salt, then you have other things to worry about. Using a .Net class
only offers obscurity and we all (should) know that obscurity isn't
security.
I think the problem is more with the passwords stored in a database
staff table. The passwords are currently stored in the table as plain
text. It is this that's needs to be addressed first. The idea of a hash
algorithm being theoretically irreversible, means that someone who gains
access to the VBA or C# code would only discover that the passwords are
hashed by whatever algorithm is used. If a symmetric cipher is used and
the key embedded in code (or somewhere else accessible) then the table's
passwords can be easily decrypted.
Of course this requires that all passwords are different and are of
reasonable complexity. For half the table to be filled with easily
guessed passwords like 'password' will defeat any security measure. It
also means that a user who forgets their password must be allowed to
create a new one (or have one generated for them) as the old one cannot
(in theory) be derived from the hash.
Regards Peter
On 9/03/2010 5:44 AM, Richard Carde wrote:
If all you need is something to generate an MD5 hash and nothing more,
you could use an MD5 implementation directly - afterall, MD5 is MD5.
There are a number of VBScript/VBA implementations to select from.
