Data Encyption

[Joe Williams]

I have some data in tables regarding system setup parameters that I would
rather the user not be able to see or manipulate.

After experimenting with ways to hide tables, i stumbled across the AES
encryption, which allows you to encrypt data in an access table.

My question is, what issues should I be aware before i try to immplement
this in my application? How secure is the encryption? It looks as if you
need a key to unencrypt or encrypt the data. If I hard code the encryption
key and make the DB an MDE, that would seem to be pretty secure, right?

Any thoughts on encryption?

Thanks

Joe

 

[aatcbbtccctc]

I have some data in tables regarding system setup parameters that I would
rather the user not be able to see or manipulate.

After experimenting with ways to hide tables, i stumbled across the AES
encryption, which allows you to encrypt data in an access table.


My question is, what issues should I be aware before i try to immplement
this in my application?

Using AES is overkill for the need you describe. Go with a simple XOR
cipher. Unfortunately I do not have a URL handy. Some googling should
find one for you, easily.

How secure is the encryption?

Er, given that AES is the new US government standard?

It looks as if you need a key to unencrypt or encrypt the data.

If you didn't, there wouldn't be much point to it, would there!

If I hard code the encryption key and make the DB an MDE, that would

seem to be pretty secure, right?

Wrong. If the key occupied contiguous bytes (or unicode double-bytes)
within the file, it could be found by a simple "sliding window" attack.
Not that your users would be likely to try that

Any thoughts on encryption?

Yes. A simple scheme requiring 10% effort, will deter 99% of the people
who you want to deter. *No amount* of extra effort, will deter the
remaining 1%.

HTH,
TC

 

[Joe Williams]

Hi, Thanks for the great reply. I did a quick search and came up with this
code, it says it is Vignere with XOR? It is a really lightweight function,
is this giving me the bang for the buck that I need?

Public Function VignereCode(ByVal InText As String, ByVal Password As
String) As String
'uses the vignere method with XOR. Can decode as well as encode
Dim i As Long, j As Long
Dim s As String
j = 0
If Len(Password) Then
For i = 1 To Len(InText)
s = s & Chr$(Asc(Mid$(InText, i, 1)) Xor Asc(Mid$(Password, j + 1,
1)))
j = (j + 1) Mod Len(Password)
Next i
Else
For i = 1 To Len(InText)
s = s & Chr$(&HFF Xor Asc(Mid$(InText, i, 1)))
Next i
End If
VignereCode = s
End Function

THanks

Joe

 

[aatcbbtccctc]

Amended from
http://support.microsoft.com/default.aspx?scid=kb;en-us;110308 :

(untested)

Sub EncryptDecrypt (pData as string, pPassword as string)
' pData = the string you wish to encrypt or decrypt.
' pPassword = the password with which to encrypt or decrypt;
' can be longer than, shorter than, or the same
' size as, the data pData.
dim L as long, X as long, ch as string
L = Len(pPassword)
For X = 1 To Len(pData)
ch = Asc(Mid$(pPassword, (X Mod L) - L * ((X Mod L) = 0), 1))
Mid$(pData, X, 1) = Chr$(Asc(Mid$(pData, X, 1)) Xor ch)
Next
End Sub

Example:

dim s as string
s = "my secret data"
EncryptDecrypt s, "blah99"
msgbox (s) ' unintelligible!
EncryptDecrypt s, "blah99"
msgbox (s) ' "my secret data"!

Note that the m'soft version is a procedure (not a function) which
modifies the actual pData parameter. *Blech* It should be a function,
which returns the encrypted or decrypted value, and leaves the pData
value alone.

P.S. The bad line breaks are not my doing. The new google groups is
doing that.

HTH,
TC

 

[aatcbbtccctc]

Hi Joe

I didn't see your reply until I posted my second one just now. Great
that google groups now shows new posts immediately, instead of the old
6 hour wait.

At a *quick glance*, it is clearly a similar or identical method. But I
have not checked it out in detail. It does have one advantage over the
one I posted: namely, that it is already defined as a function. Perhaps
try them both, & see which works for you!

HTH,
TC
(off for the day)