The strongest alghorim?

  • Thread starter Thread starter Javier
  • Start date Start date
J

Javier

I need to encrypt my data (tables) , but I do Not want the Access
encryption build.

Does any body suggest a good encrypt alghorim (more than 40 bits)
wrote it in VBA ??

Thank you !
 
but I do Not want the Access
encryption build.
Click to expand...
Ah, you should think about that. The in-built Access encryption provides at
least some defence vis-a-vis "deleted file space".

In-built encryption, is of course separate from any custom encryption. There
is no cost or overhead from using mdb in-built encryption, that I've heard of.
Therefore, put it in as well.

Chris
 
Thank you for you answer !

I undestand what you mean ,................... but your answer do not answer
my question.
Thank you any way !
Javier
 
Did you try Google for VB encryption API? In any case, the advice you
received is probably the best you'll get. There are VB encryption
algorithms available, but they are no more secure than what Access provides
natively and require a lot of overhead and code. Probably much more than
you should reasonably expect to get in a newsgroup.
 
Thank Paul for answering !!

The reason why I do Not want to use the In-built encryption ( Access native)
I think it is Not interesting now to explain ........

Ok I will try with VB encryption but ,.........Why is so difficult to find a
strong alghorim in VBA (open code) ???
regards
Javier


Paul said:
Did you try Google for VB encryption API? In any case, the advice you
received is probably the best you'll get. There are VB encryption
algorithms available, but they are no more secure than what Access provides
natively and require a lot of overhead and code. Probably much more than
you should reasonably expect to get in a newsgroup.
Thank you for you answer !
Click to expand...
[quoted text clipped - 18 lines]
Click to expand...
 
The built-in encryption is only 32 bits and /does/ impose a processing
overhead. Microsoft themselves put that figure at about 15%.

One of the easiest ciphers to code in VB[A], is RC4. You'll find
implementations of it all over the web; typically called ARC-FOUR (or
similar) for trademark purposes.

Professional cryptographers have deprecated RC4 because (a) it is very
easy to make fatal implementation mistakes, and (b) it has a known
distinguisher; that is, you can /tell/ that a byte stream is
RC4-encoded, with some degree of statistical certainty, after 'x'
amount of data.

(a) applies to /all/ stream ciphers, not just RC4, so it is irrelevant
as a criticism of RC4 imho.

(b) needs *terabytes* of data, and it does not even lead to a *crack*,
so it is irrelevant to oridinary mortals, again imho.

RC4 is available via CryptoAPI, but I think from memory that it is
hobbled at 40 bits, there.

Whatever cipher you use, remember that is very easy to make fatal
mistakes which can be exploited to crack your cipher. Even if the
cipher itself is bulletproof, your /use/ of it might be easily
crackable, if you make a mistake. Eg. for stream ciphers such as RC4,
look up "known plaintext" attacks.

HTH,
TC
 
Hi HC !

1-Thanks for your advices and support really very good !!!

2- If Professional cryptographers have deprecated RC4 Algorithm as you said,
………. which is a good encrypt alghorim (more than 40 bits) wrote it in VBA
as I asked in my first post ??

3-As you said: “What ever cipher you use, remember that is very easy to make
fatal
mistakes which can be exploited to crack your cipher. Even if the
cipher itself is bulletproof, your /use/ of it might be easily
crackable, if you make a mistake”

Sorry can you explain a little bit more about it ??
How is possible to make a faltal mistake on porpouse in VBA ??


4-Concerning others algorithms like AES Algorithm (Rijndael) used by populars
progrmas like Winzip 9.0 or PkZip 8.0 or WinRar 3.3 and many others popular
programs looks like is becoming more a standard algorithms with a 128 bit
encryption.

Do you know where to get a VBA public code (Not in VB please) one of the
followings Algoritms ???

Adfgvx
AES
Base64
BlowFish
DES
Enigma
Gost
PLAYFAIR
RC4
SHA-1
SkipJack
TEA
XOR
RSA

Thanks again
Javier
 
no more secure than what Access provides

Access used a fixed key, which could be deduced,
so that decryption was trivial. Has this been corrected?

When you use an encrypted database, you need to
provide a password. So database system has to
know the password, so that it can check your
password. To do this, the database system keeps
an encrypted version of the password: but you don't
provide a password to decrypt the password, so the
system has to use a fixed key to encrypt and decrypt
the password. People who know the fixed key can
decrypt your password, and decrypt the database.

The solution to use a different key for every
installation. This is how Windows Authentication
works. Windows uses different keys for every
installation of Windows, so there is not just
one key for crackers to find, so everytime anyone
want to find your Windows password they would
have to individually crack your Windows Server.

Access does not use a different key for every
installation of Access, because you want to be
able to take your database to a different computer,
and open it using just your security workgroup,
username, and password.

In contrast, if you go to a different company and
enter your Windows username and password, it won't
be accepted at all.

(david)
 
Javier said:
Hi HC !

1-Thanks for your advices and support really very good !!!
Click to expand...

Glad I could help!

2- If Professional cryptographers have deprecated RC4 Algorithm as you said,
.......... which is a good encrypt alghorim (more than 40 bits) wrote it in VBA
as I asked in my first post ??
Click to expand...

Personally I would still be happy to use RC4. It's simple to code, and
very fast. Do a google search for "arcfour vb" (without the quote
marks) and you should be able to find it.

3-As you said: "What ever cipher you use, remember that is very easy to make
fatal
mistakes which can be exploited to crack your cipher. Even if the
cipher itself is bulletproof, your /use/ of it might be easily
crackable, if you make a mistake"

Sorry can you explain a little bit more about it ??
How is possible to make a faltal mistake on porpouse in VBA ??
Click to expand...

Say you encrypted two different messages, using the same encryption
key. If you did this using a so-called "block cipher", like DES, that
would be fine. But if you did it using a "stream cipher", like RC4,
this would open you to a devastating "known plaintext" attack.

These things can't be explained in a newsgroup post. You need to
research these terms ("block cipher", "stream cipher", "known plaintext
attack", and so on), to understand what they mean.


4-Concerning others algorithms like AES Algorithm (Rijndael) used by populars
progrmas like Winzip 9.0 or PkZip 8.0 or WinRar 3.3 and many others popular
programs looks like is becoming more a standard algorithms with a 128 bit
encryption.
Click to expand...

AES is the new US standard. If you could find an implementation of AES
in VBA, that would be fine - as long as you implemented it properly.

Do you know where to get a VBA public code (Not in VB please) one of the
followings Algoritms ???

Adfgvx
AES
Base64
BlowFish
DES
Enigma
Gost
PLAYFAIR
RC4
SHA-1
SkipJack
TEA
XOR
RSA
Click to expand...

Just google on the appropriate terms, eg. AES VB, or AES VBA.
(Remember: for a simple procedure or function, like RC4/ARCFOUR for
example, the VB code will be virtually identical to VBA.)

HTH,
TC
 
david said:
Access used a fixed key, which could be deduced,
so that decryption was trivial. Has this been corrected?
Click to expand...


I believe that Access/Jet encryption has been wrongly criticised from
the beginning.

People have /assumed/ that the encryption was being used for its normal
purpose: that is, to hide the encrypted information from unauthorized
people. If that was the aim, then, MS clearly failed to achieve that
aim, since the decryption keys can be extracted from the file iteself.

However, in my opinion, Access/Jet encryption was only ever intended to
stop people viewing /or changing/ the file directly, using a text/hex
editor. For that purpose, the current encryption scheme works fine. I'm
not aware of anyone, anywhere, who would attempt /directly editing/ an
encrypted database.

HTH,
TC
 
david epsom dot com dot au said:
Access used a fixed key, which could be deduced,
Click to expand...

To an "average" user even programmer, the Access encrypted database prevents
casual external "dump" utilities, stuff lying around in freed disk-space,
things like that. It does not have to flumox the NSA.

If an mdb does not have "in-built encryption", it's amazing what can be
gleaned from dump-type utilites. Being nothing to do with MS-Access, normal
Access security does not apply.

I just created a (unencrypted) database and put in some data "secret
message". With system dump utilities, no probs to see it at all!

I think this is a subject worthy of this newsgroup. I'm no special expert.
Mind you, I always use in-built Access encryption. I think...

(nothing to do with the poster's question of course)
Chris

(On a previous proprietary OS not Microsoft, it was amazing what you could see
when freed disk-space was attached to the end of your own file. Embarrassing
stuff like an email from a wife to a husband or vice-versa. Totally
inadvertent, we're not even talking trying to crack stuff here. That OS did
have a DELETE;SHRED option. It should have been the default)
 
Ok !!

I appreciate all your answers !

it seams all my questions are already answered in Internet (Google)

Thank you anyway!!
Regards
 
Back
Top