From: Tony Toews [MVP] on
mscir <mscir(a)yahoo.com> wrote:

>>...I just give the users a nine digit number.
> >...I create a file with that name and their name encrypted in the
>file.
> >...I upload that to my website. Then my program then downloads that file
> >...with the nine digit number from my website.
>
>That seems like a great approach. Do you use a hash for the encryption?

No, I use the MS CryptoAPI with a looong 20 or 40 character key.

I would strongly urge using the CryptoAPI as specified by Microsoft.
Read the documentation thoroughly.

See Security Alert: Debian & Ubuntu Linux Weak Encryption Keys
http://www.cmu.edu/computing/news/security/2008/may/051608-1.html
DSA-1571-1 openssl -- predictable random number generator
http://www.debian.org/security/2008/dsa-1571

My point is that rolling your own solution can cause problems.

How to encrypt a string in Visual Basic 6.0 and how to decrypt the
string in Visual Basic .NET or in Visual Basic 2005
http://support.microsoft.com/kb/821762

Ignore the VB.Net/2005 stuff. Decryption is just the reverse of
encryption and is easy to figure out from the sample code in the above
KB article. IIRC you can ignore the downloads too as the KB article
has the necessary sample code.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/
From: mscir on
On 5/22/2010 7:55 PM, Tony Toews [MVP] wrote:
> mscir<mscir(a)yahoo.com> wrote:
>
>>> ...I just give the users a nine digit number.
>>> ...I create a file with that name and their name encrypted in the
>> file.
>>> ...I upload that to my website. Then my program then downloads that file
>>> ...with the nine digit number from my website.
>>
>> That seems like a great approach. Do you use a hash for the encryption?
>
> No, I use the MS CryptoAPI with a looong 20 or 40 character key.
>
> I would strongly urge using the CryptoAPI as specified by Microsoft.
> Read the documentation thoroughly.
>
> See Security Alert: Debian& Ubuntu Linux Weak Encryption Keys
> http://www.cmu.edu/computing/news/security/2008/may/051608-1.html
> DSA-1571-1 openssl -- predictable random number generator
> http://www.debian.org/security/2008/dsa-1571
>
> My point is that rolling your own solution can cause problems.
>
> How to encrypt a string in Visual Basic 6.0 and how to decrypt the
> string in Visual Basic .NET or in Visual Basic 2005
> http://support.microsoft.com/kb/821762
>
> Ignore the VB.Net/2005 stuff. Decryption is just the reverse of
> encryption and is easy to figure out from the sample code in the above
> KB article. IIRC you can ignore the downloads too as the KB article
> has the necessary sample code.
>
> Tony

Thanks Tony.

--- news://freenews.netfront.net/ - complaints: news(a)netfront.net ---