
## This tip explores how to write a very simple function that will both encrypt and decrypt passwords.

If you've ever written an application that stores passwords, you'll know the importance of encryption. There's no point in password protecting things if all a user has to do is open a file or database to get all of the stored passwords.

It is possible, however, to write a very simple function that will both encrypt and decrypt passwords. Simply pass the function the string you wish to encrypt, and a short key (to make it harder to break your encryption), and it will return the encrypted version. Pass it the encrypted version, and it will translate it back into plain text. Enjoy.

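```vb
Private Function Encrypt(ByVal strInput As String, ByVal strKey As String) As String
    ' XOR each character of strInput with the next character of strKey,
    ' wrapping around the key. Calling it again with the same key reverses it.
    Dim iCount As Long
    Dim lngPtr As Long   ' zero-based position in the key
    For iCount = 1 To Len(strInput)
        Mid(strInput, iCount, 1) = Chr((Asc(Mid(strInput, iCount, 1))) Xor (Asc(Mid(strKey, lngPtr + 1, 1))))
        lngPtr = ((lngPtr + 1) Mod Len(strKey))
    Next iCount
    Encrypt = strInput
End Function
```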

"Your advice on encrypting passwords could lead to inadvertent disclosure of those passwords. Fundamentally, your algorithm is the same stream encryption used by Germany in World War II, but you have omitted all of the essential elements which make it safe to use, specifically key length, key strength and key variation. You have implemented a symmetric encryption algorithm, but because it uses a fixed-length, static key, it has many of the same defects that the 'Unbreakable Cipher' had (Charles Babbage broke that one). That is, it is relatively easy to spot repeated sequences and deduce the key length. From there, each column can be treated as a fixed substitution cipher and broken individually to obtain the original keyword.

"Further advantage can be taken because the average user will choose a word as a key, not a string of pseudo-random characters. Worse, because the cipher is symmetric, the application can retrieve the original passwords (you introduce this as a cipher to encrypt passwords). If you can do it, then a hacker can also do it. Break one password with this method and you have broken them all.

"Professional software needs to prevent this, which is normally done by using the password itself as the key to encrypt a secret value. When users attempt to log on, the client repeats the process and tests the result against the stored value. If they are the same, then the user had the right password. Even if a hacker breaks one password, they don't have any of the others. I hope you pass this advice on to your readers, and I suggest they consult some of the many references on the Web."
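An added example, not part of the original tip or the reader's letter: a Python port of the tip's XOR routine shows that one known password exposes the key material for every stored entry, next to a salted one-way verifier of the kind the letter recommends. PBKDF2-HMAC-SHA256, the iteration count, and all function names and sample values are assumptions substituted here for the letter's "encrypt a secret value" scheme.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Port of the tip's Encrypt(): repeating-key XOR, which is its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def key_from_known_pair(plaintext: bytes, stored: bytes) -> bytes:
    """One known password XORed with its stored form yields the repeating key."""
    return bytes(p ^ c for p, c in zip(plaintext, stored))

def hash_password(password: str, salt: bytes = b"") -> tuple:
    """One-way verifier: PBKDF2 over the password with a random per-user salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Repeat the derivation at logon and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored)

def demo() -> dict:
    app_key = b"secret"  # constructed sample key and passwords
    weak_store = {u: xor_encrypt(p, app_key)
                  for u, p in {"alice": b"correct horse", "bob": b"hunter2"}.items()}
    # alice knows her own password, so she can compute the key material ...
    leaked = key_from_known_pair(b"correct horse", weak_store["alice"])
    # ... and the same bytes decrypt every other row in the store.
    bob_plain = xor_encrypt(weak_store["bob"], leaked)

    # Hardened store: nothing reversible is kept, and equal passwords differ.
    salt_a, hash_a = hash_password("hunter2")
    salt_b, hash_b = hash_password("hunter2")
    return {
        "leaked_key": leaked,
        "bob_plain": bob_plain,
        "same_password_same_hash": hash_a == hash_b,
        "good_login": verify_password("hunter2", salt_a, hash_a),
        "bad_login": verify_password("hunter3", salt_a, hash_a),
    }

if __name__ == "__main__":
    print(demo())
```

With the salted verifier there is no stored key whose disclosure unlocks the whole table, and two users with the same password no longer share a stored value.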

This was last published in February 2001
