Implementing PBKDF2


I've been building a custom Access DB and I have added a login screen with usernames and passwords. Originally I used SHA1 and no salt to hash the passwords. (I know that's not very secure, but it was only meant for a few users and contained no personal information.)

However, corporate has seen the DB application and they want to install it and add more users and features. I'd like to start using salts and PBKDF2 to hash the passwords, but I couldn't find any information on PBKDF2 with MS Access specifically. Below are the 2 functions I pieced together:

Public Function PBKDF2(pass As String, salt As String, inter As Int32) As String

    Set oT = CreateObject("System.Text.UTF8Encoding")
    Dim bytes() As Byte

    TextToHash = oT.GetBytes_4((pass))
    SaltBytes = oT.GetBytes_4((salt))

    Set oRFC = CreateObject("System.Security.Cryptography.Rfc2898DeriveBytes( (TextToHash), (SaltBytes), inter )")

    bytes() = oRFC.GetBytes(16)

    PBKDF2 = ByteArrayToHex(bytes())

End Function


Private Function ByteArrayToHex(ByRef ByteArray() As Byte) As String

    Dim lb As Long, ub As Long
    Dim l As Long, strRet As String
    Dim lonRetLen As Long, lonPos As Long
    Dim strHex As String, lonLenHex As Long

    lb = LBound(ByteArray)
    ub = UBound(ByteArray)
    lonRetLen = ((ub - lb) + 1) * 3
    strRet = Space$(lonRetLen)
    lonPos = 1

    For l = lb To ub
        strHex = Hex$(ByteArray(l))
        If Len(strHex) = 1 Then
            strHex = "0" & strHex
        End If
        If l <> ub Then
            Mid$(strRet, lonPos, 3) = strHex & " "
            lonPos = lonPos + 3
        Else
            Mid$(strRet, lonPos, 3) = strHex
        End If
    Next l

    ByteArrayToHex = strRet

End Function

I get the error

"ByRef argument mismatch"

Is there a better way to implement PBKDF2 in Access VBA, or is there a fix for these functions?


Solution

  • @zaph and @EricvonAsmuth both have valid points. It looks like Rfc2898DeriveBytes can't be directly used in VBA. It might be simpler to try another path.

    There are native VB6/VBA SHA1 implementations you can find online. You can test these against online SHA1 generators to verify validity.

    Depending on your comfort level with .NET and COM, this approach might be easier.
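
A reference for checking a VBA port, added here as an example and not part of the original question or answer: PBKDF2 over HMAC-SHA1 (the default PRF of Rfc2898DeriveBytes) written out block by block in Python, with output in the same spaced-hex layout as ByteArrayToHex. The function names, the 16-byte random salt and the sample inputs are assumptions made for this example.

```python
import hashlib
import hmac
import os
import struct


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 2898) over HMAC-SHA1, written block by block for porting."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    derived = b""
    block = 1
    while len(derived) < dklen:
        # U_1 = HMAC(password, salt || 4-byte big-endian block index)
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha1).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_n = HMAC(password, U_{n-1}); the block is the XOR of every U
            u = hmac.new(password, u, hashlib.sha1).digest()
            t ^= int.from_bytes(u, "big")
        derived += t.to_bytes(hashlib.sha1().digest_size, "big")
        block += 1
    return derived[:dklen]


def to_spaced_hex(data: bytes) -> str:
    """Upper-case hex pairs separated by spaces, the layout ByteArrayToHex builds."""
    return " ".join(f"{b:02X}" for b in data)


def new_record(password: str, iterations: int, dklen: int = 16):
    """Return (salt, iterations, hash) to store per user; the salt is random."""
    salt = os.urandom(16)
    return salt, iterations, pbkdf2_hmac_sha1(password.encode("utf-8"), salt, iterations, dklen)


def verify(password: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Recompute with the stored salt and count, then compare in constant time."""
    candidate = pbkdf2_hmac_sha1(password.encode("utf-8"), salt, iterations, len(stored))
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed inputs: a fixed salt and a low count so the run is quick.
    sample = pbkdf2_hmac_sha1(b"correct horse", b"constructed-salt", 1000, 16)
    assert sample == hashlib.pbkdf2_hmac("sha1", b"correct horse", b"constructed-salt", 1000, 16)
    print(to_spaced_hex(sample))
```

Feeding the same password, salt and iteration count to the VBA implementation should produce the identical hex string; a mismatch usually points at text encoding or the big-endian block index.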