From: Tony Toews [MVP] on 22 May 2010 22:55 mscir <mscir(a)yahoo.com> wrote: >>...I just give the users a nine digit number. > >...I create a file with that name and their name encrypted in the >file. > >...I upload that to my website. Then my program then downloads that file > >...with the nine digit number from my website. > >That seems like a great approach. Do you use a hash for the encryption? No, I use the MS CryptoAPI with a looong 20 or 40 character key. I would strongly urge using the CryptoAPI as specified by Microsoft. Read the documentation thoroughly. See Security Alert: Debian & Ubuntu Linux Weak Encryption Keys http://www.cmu.edu/computing/news/security/2008/may/051608-1.html DSA-1571-1 openssl -- predictable random number generator http://www.debian.org/security/2008/dsa-1571 My point is that rolling your own solution can cause problems. How to encrypt a string in Visual Basic 6.0 and how to decrypt the string in Visual Basic .NET or in Visual Basic 2005 http://support.microsoft.com/kb/821762 Ignore the VB.Net/2005 stuff. Decryption is just the reverse of encryption and is easy to figure out from the sample code in the above KB article. IIRC you can ignore the downloads too as the KB article has the necessary sample code. Tony -- Tony Toews, Microsoft Access MVP Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/ For a convenient utility to keep your users FEs and other files updated see http://www.autofeupdater.com/ Granite Fleet Manager http://www.granitefleet.com/
From: mscir on 23 May 2010 22:09 On 5/22/2010 7:55 PM, Tony Toews [MVP] wrote: > mscir<mscir(a)yahoo.com> wrote: > >>> ...I just give the users a nine digit number. >>> ...I create a file with that name and their name encrypted in the >> file. >>> ...I upload that to my website. Then my program then downloads that file >>> ...with the nine digit number from my website. >> >> That seems like a great approach. Do you use a hash for the encryption? > > No, I use the MS CryptoAPI with a looong 20 or 40 character key. > > I would strongly urge using the CryptoAPI as specified by Microsoft. > Read the documentation thoroughly. > > See Security Alert: Debian& Ubuntu Linux Weak Encryption Keys > http://www.cmu.edu/computing/news/security/2008/may/051608-1.html > DSA-1571-1 openssl -- predictable random number generator > http://www.debian.org/security/2008/dsa-1571 > > My point is that rolling your own solution can cause problems. > > How to encrypt a string in Visual Basic 6.0 and how to decrypt the > string in Visual Basic .NET or in Visual Basic 2005 > http://support.microsoft.com/kb/821762 > > Ignore the VB.Net/2005 stuff. Decryption is just the reverse of > encryption and is easy to figure out from the sample code in the above > KB article. IIRC you can ignore the downloads too as the KB article > has the necessary sample code. > > Tony Thanks Tony. --- news://freenews.netfront.net/ - complaints: news(a)netfront.net ---
First
|
Prev
|
Pages: 1 2 Prev: Two graphics problems Next: cairo-wrapper (VBclassic's getting a new face) |