Gustav Brock
gustav at cactus.dk
Fri Sep 26 13:38:01 CDT 2003
Hi John

Here is elaborate documentation and code in C:

http://www.ietf.org/rfc/rfc1321

You can get some tools for this too. Here's an example, free for personal use:

http://www.cryptosys.net/hash.html

Here are free code examples:

http://www.frez.co.uk/freecode.htm#md5

And here is a Japanese dll by Takeshi Tojo:

http://my.vector.co.jp/servlet/System.FileDownload/download/ftp/0/78833/pack/win95/prog/lib/aspmd5.lzh

/gustav

> Date: 2003-09-26 19:26
>
> Wow, you have this one way hash algorithm? Would you share it?
>
> John W. Colby
> www.colbyconsulting.com
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Stuart Sanders
> Sent: Friday, September 26, 2003 12:57 PM
> To: 'Access Developers discussion and problem solving'
> Subject: RE: [AccessD] OT- I am a lucky winner??
>
> Well... Since this might be vaguely on topic...
>
> I can honestly say I don't know how a bank stores your pin number. What I can
> say is that neither a bank nor its employees *may* be able to get your pin
> number except via the old fashioned brute force method.
>
> The reason this might be considered on topic is because it uses a method which I
> use in access for storing certain data ... Like user passwords for my light
> security.
>
> How does this work you say? (well I hope someone is interested anyway)
>
> There are algorithms that produce a 1 way irreversible hash of a string (or
> number as the case may be). So when you initialise or change a password, you
> create the hash, and store the hash only, not the pin or password itself.
>
> When you need to check for user authenticity the user enters the user name
> (inserts the card) and then enters the password/pin. You can verify whether the
> password/pin is correct by running the same hash on it and then comparing the
> result to the stored hash in the database.
>
> Thus you have a method that enables you to "store" the pin/password without
> actually being able to recover it except by a brute force method. I.e. to find
> the correct password/pin you would have to enter something and then compare the
> hashed result with the "correct" stored hash.
>
> There are many of these algorithms, some being more secure than others. A
> relatively simple and commonly used one is md5.
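
The store-and-compare scheme described in the quoted message, as an added example that is not part of the original thread: the unsalted MD5 form as described, next to a salted PBKDF2 form in which two users with the same PIN no longer share a stored record. The function names, the record format, the iteration count and the sample users are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per host


def md5_store(secret):
    """Scheme from the thread: keep only the unsalted MD5 hex digest."""
    return hashlib.md5(secret.encode("utf-8")).hexdigest()


def md5_verify(secret, stored):
    """Re-hash the entered value and compare it with the stored hash."""
    return hmac.compare_digest(md5_store(secret), stored)


def kdf_store(secret, salt=None):
    """Hardened variant: random per-user salt plus a slow key derivation."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), dk.hex())


def kdf_verify(secret, stored):
    """Parse the record, re-derive with its salt and count, compare in constant time."""
    try:
        scheme, count, salt_hex, dk_hex = stored.split("$")
        salt, expected, count = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex), int(count)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or count < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, count)
    return hmac.compare_digest(dk, expected)


def shared_records(table):
    """Audit helper: group user names whose stored records are identical."""
    groups = {}
    for user, record in table.items():
        groups.setdefault(record, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


if __name__ == "__main__":
    # Constructed sample users; two of them chose the same PIN.
    pins = {"alice": "1234", "bob": "1234", "carol": "9021"}
    print(shared_records({u: md5_store(p) for u, p in pins.items()}))
    print(shared_records({u: kdf_store(p) for u, p in pins.items()}))
```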