MD5 and MS Access

G

Guest

I want to use the Security.Cryptography class to create an MD5 encrypted
password, as detailed here..

http://aspnet.4guysfromrolla.com/articles/112002-1.aspx

However, I'm using an MS Access database. Does Access have a Binary field
(cant find it!)? The only thing I can find is the OLE data type - would that
work for storing MD5'd passwords?

Or, do I need to migrate to SQL server?

Cheers


Dan
 
R

Ray Booysen

musosdev said:
I want to use the Security.Cryptography class to create an MD5 encrypted
password, as detailed here..

http://aspnet.4guysfromrolla.com/articles/112002-1.aspx

However, I'm using an MS Access database. Does Access have a Binary field
(cant find it!)? The only thing I can find is the OLE data type - would that
work for storing MD5'd passwords?

Or, do I need to migrate to SQL server?

Cheers


Dan
Click to expand...

Why not use a string field? MD5 isn't binary its plaintext.
 
G

Guest

Ray Booysen said:
Why not use a string field? MD5 isn't binary its plaintext.
Click to expand...

ok, now I'm *really* confused!

The code fro, the 4guys page generates a hash into a Byte array !? How do I
use the MD5 cryptography routines to generate a hash and store it in a string
field?!
 
W

Walter Wang [MSFT]

Hi,

Thank you for your post.

The 128-bit (16-byte) MD5 hashes (also termed message digests) are
typically represented as a sequence of 32 hexadecimal digits. You can use
following code to convert the byte array to a hex string:

Dim i As Integer = 0, md5 As String = String.Empty
For i = 0 To hashedBytes.Length - 1
md5 += hashedBytes(i).ToString("x")
Next

Hope this helps. Please feel free to post here if anything is unclear.

Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
W

Walter Wang [MSFT]

Sorry, I've made a typo in my last post about the code. Should be "x2"
instead of "x":

Dim i As Integer = 0, md5 As String = String.Empty
For i = 0 To hashedBytes.Length - 1
md5 += hashedBytes(i).ToString("x2")
Next


You can find more information here:

#MD5 Class
http://msdn2.microsoft.com/en-us/library/system.security.cryptography.md5.as
px

Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Hi Walter

That works cheers (well, it's gone into the database anyway!).

Just one thing that's confusing me. You said..
The 128-bit (16-byte) MD5 hashes (also termed message digests) are
typically represented as a sequence of 32 hexadecimal digits
Click to expand...

However, when I look at the database there are only 30 characters being put
into the Password field.

Is that right or is my code screwing something up somewhere?

Cheers


Dan
 
W

Walter Wang [MSFT]

Hi Dan,

Thank you for your update.

I hope you're not using my incorrect function in my first post (which is
corrected in my second post).

You can also verify the output of the empty string's hash value, which
should be "d41d8cd98f00b204e9800998ecf8427e".

Please feel free to post here if anything is unclear.

Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Hi Walter,

Thanks for the blank hash - that sorted it for me. Perfect.. but missing the
7e off the end...

Anyway, went through the code, and I'd done

i=0; i<hash.Length-1

which of course will lose me one character!

Sorted now, and all passwords are salted and hashing at 32 chars. Perfect!

Thanks for your help!
 
W

Walter Wang [MSFT]

Hi Dan,

Thank you for your update.

I'm sorry I should have made myself clear that my sample code is written in
VB.NET. Apparently you're using C#.

That's the difference between VB.NET and C#, VB.NET "to" means "<=", so we
have to use "to hash.Length - 1" in VB.NET and "< hash.Length" in C#.

Anyway, I am glad to hear that the problem has been fixed. If you have any
other questions or concerns, please do not hesitate to contact us. It is
always our pleasure to be of assistance.

Have a nice day!


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 
G

Guest

Walter,

I'm learning loads from this thread so thanks for your time. I do however
have just one more question for you :eek:)

Having gone through this, I had an Access database error on my public
server, causing the site to display the access "out of disk space" error -
not very professional that really!

So I decided to convert the site to sql server, as I'm moving it to .net 2
it makes sense to do everything at once.

Is there any advantage (either in security or performance) to storing the
salted hash in a Binary field (as the original article suggested) as opposed
to the hex string I'm currently storing, bearing in mind that I now have the
binary field available?

Any information appreciated!

Cheers


Dan
 
R

Ray Booysen

There is no need to store in a binary field. Since you know exactly how
many chars an MD5 hash stores, you can set the field to exactly that
many chars and save space.
 
G

Guest

heh

I don't "want" to store it as Binary. I'm perfectly happy storing it as the
text field hex thingy (and yep ive limited the field size).

The reason I was asking again about Binary was to simply confirm that there
was no performance hit from storing it as text as opposed to Binary.

I'm happy either way, it just seemed logical to ask the question now I've
switched it to sql server. :eek:)
 
W

Walter Wang [MSFT]

Hi,

Thank you for your update.

I would prefer to use CHAR(32) instead of BINARY since the length is fixed
and short. Binary field is normally used to store long, length-unknown
binary data such as multimedia data.

Hope this helps. Please feel free to post here if anything is unclear.

Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

md5 hashses 1
adodbapi integer parameters and MS Access 0
Digest authentication and MD5 passwords 1
ASP and MS Access 1
MD5 issue 0
Javascript MD5 Question 4
Asp.net retreiving ms access information 0
MS SQL database access 0

Members online

No members online now.
Total: 37 (members: 1, guests: 36)
Robots: 424

Forum statistics

Threads
473,770
Messages
2,569,584
Members
45,075
Latest member
MakersCBDBloodSupport

Latest Threads

Top