Thanks for the link.
I had found this previously but while it contained some links to VB I
needed VBA so the one for VBScript was probably the closest but that
link was broken.
> add the length of the typed password
Thanks. That sounds like a very good suggestion. I will pass this on.
Regards Peter
On 9/03/2010 10:47 PM, Richard Carde wrote:
On 8 Mar 2010, at 22:42, Peter Maddin <[email protected]> wrote:
> Thanks for the update
> If there are any problems I can point those who like working with
> VBA or VBScript to such an implementation. Do you have any links to
> such VBA /VBScript code?
Maybe start here? http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
> Of course this requires that all passwords are different and are of
> reasonable complexity. For half the table to be filled with easily
> guessed passwords like 'password' will defeat any security measure.
> It also means that a user who forgets their password must be
> allowed to create a new one (or have one generated for them) as the
> old one cannot (in theory) be derived from the hash.
Passwords should be one way. Unless it is data that needs to be
presented back to the user. I recently reviewed a system that used a
text representation of a user's SID as the 256 bit key to protect
data that did need to be decrypted. Sounds good in theory, except
that the first 32 chars (256 bits) of said string are identical for a
given domain. DOH!
One can easily Google for common raw MD5 hashes.
If you simply add the length of the typed password to the string to
be hashed, you at least remove the rainbow attack - which is as good
as 'unhashing'. I'd look to using the username or primary key of the
user to further differentiate - this will ensure no two hashes of the
same password match.
HTH.
>
> Regards Peter
>
>
>
> On 9/03/2010 5:44 AM, Richard Carde wrote:
>> If all you need is something to generate an MD5 hash and nothing
>> more, you could use an MD5 implementation directly - after all,
>> MD5 is MD5. There are a number of VBScript/VBA implementations
>> to select from.
-- Richard Carde
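
The three storage schemes discussed in this thread (raw MD5, MD5 with the password length appended, MD5 with the username mixed in), compared as an added example that is not code from either poster. It is written in Python rather than VBA, and the function names, the `user:password+length` layout, the sample accounts and the stand-in lookup table are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Scheme 1: raw MD5 of the password, nothing else.
def raw(user, pw):
    return md5_hex(pw)


# Scheme 2: append the length of the typed password before hashing.
def with_length(user, pw):
    return md5_hex(pw + str(len(pw)))


# Scheme 3: also mix in the username (layout is an assumption of this example).
def with_user(user, pw):
    return md5_hex(user.lower() + ":" + pw + str(len(pw)))


# Constructed sample accounts: two users share an easily guessed password.
ACCOUNTS = [("alice", "password"), ("bob", "password"), ("carol", "T4ble-Lamp-9")]

# Stand-in for a public table of raw MD5 digests of common passwords.
COMMON_RAW_MD5 = {md5_hex(p) for p in ("password", "123456", "letmein")}


def audit(scheme, accounts=ACCOUNTS):
    """Report which users share a stored hash and which hashes a raw-MD5 table finds."""
    stored = {user: scheme(user, pw) for user, pw in accounts}
    by_hash = defaultdict(list)
    for user, digest in stored.items():
        by_hash[digest].append(user)
    shared = sorted(sorted(users) for users in by_hash.values() if len(users) > 1)
    in_table = sorted(u for u, d in stored.items() if d in COMMON_RAW_MD5)
    return {"shared": shared, "in_public_table": in_table}


if __name__ == "__main__":
    for scheme in (raw, with_length, with_user):
        print(scheme.__name__, audit(scheme))
```

The length suffix only takes the hashes out of tables built for raw MD5; alice and bob still store the same value until the username is mixed in.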