>I have a user in a table with a password. If I browse the table the password is encrypted.
>
>I have a small little program which looks for that user and I have entered the password
>in the program. This will then tell me if the user is in the system. When I state that the password in the table=password from my program. I get my userdefined messagebox stating the password is not correct.
>
>Therefore is it possible to authenticate a password against an encrypted password. For example
>for the user Neil the table looks like:
>
>Username Password
>
>NEIL wjfhsdgsd
>
>But I know the password is 'HOWAREYOU'
>
>Therefore is it possible to say if tablename.password='HOWAREYOU' and the two are matched or do I have to decrypt the password in some way.
>
>Many Thanks
You will need to bring the password to the same level as the encrypted one. There are multiple ways of handling it, but one way would be to create hash of the password and store that. Like unix does. Then compare the hash of the entered password with the hash stored in the table and compare them. This also prevents people from looking at the table and finding the password. It takes a very long time to reproduce a hash from brute force cracking. Especially if you do something like MD5 or SHA1.
Thanks,
Brian Seekford
Seekford Solutions, Inc.http://www.SeekfordSolutions.comInternet ActiveX Controls and .NET Class Libraries.
SMTP/S FTP POP3/S HTTP/S SNTP MIME PING WHOIS TRACEROUTE NNTP DNS MX
Base64, UUEncode, yEnc, MD5, SHA1, URL, Quoted-Printable.
Resizer and Tooltips
Email Verification and more. Check us out!