使用Access / VBA进行RC4加密 [英] RC4 Encryption with Access/VBA

问题描述

这是一个适合所有人的问题，但是Rabbit ...我在RC4（V4和VBScript的RC4加密算法）上阅读了你的文章，并在数据库中使用过它。它工作得很好，但当然我所做的就是混淆数据而不是实际加密（因为密钥保存在数据库中）。


你知道一种隐藏的方法吗？在典型的Access数据库中使用RC4时的关键？


谢谢，

Brad

This is a question for all, but Rabbit... I read your article on RC4 ("RC4 Encryption Algorithm for VBA and VBScript"), and have used it in a DB. It works great, but of course all I am doing is obfuscating the data instead of actually encrypting (because the key is kept in the database).

Do you know of a way to hide the key when using RC4 in a typical Access DB?

Thanks,
Brad

推荐答案

您使用密码输入表单让有权访问该特定数据的用户输入密码。


如果您的目标是允许任何拥有合法数据库访问权限的人查看全部数据，那么你真的不需要在我的文章中使用加密函数。您可以使用Access附带的内置完整文件加密。它更快，并且加密所有内容而不仅仅是数据。


我的加密代码的来源是你希望某些用户能够访问某些数据。在这种情况下，您只使用他们知道的密码加密机密数据，并使用表单让他们输入加密/解密密码。表单会将密码哈希值与其条目的哈希值进行比较，以确保输入正确的密码而不存储实际密码。

You use a password entry form to let the users that have access to that particular data enter the password.

If your goal is to allow anyone who has legitimate access to the database see all the data, then you don''t really need to use the encryption functions in my articles. You can just use the built in full file encryption that comes with Access. It''s quicker and encrypts everything instead of just the data.

Where my encryption code would come in is when you want some users to have access to some of the data. In this scenario, you encrypt the confidential data with a password only they know and you use a form to let them enter the password for encryption / decryption. The form would compare the password hash to the hash of their entry to make sure they entered the correct password without storing the actual password.

实际上，我使用RC4的方法是加密包含用户密码的表以进入数据库。 RC4函数用于加密他们选择的密码，然后用来解密它以检查它们在打开数据库时输入的PW是什么。


所以加密工作很好，但RC4功能需要一个键，我只是想办法隐藏正在使用的密钥（密钥管理）。


谢谢。

Actually, what I am using the RC4 for is to encrypt the table containing user passwords to enter the database. The RC4 function is used encrypt the password they choose, and then used to decrypt it to check it against what the PW they enter upon opening the DB.

So the encryption is working great, but the RC4 function requires a key, and I just can''t figure out a way to hide the key being used (key management).

Thanks.

您不会加密密码进行存储。相反，您散列密码并存储散列。哈希不需要使用密码，只是单向的，这意味着你不能拿哈希并检索原始值。这对于密码是好的，因为你不需要原始密码，你只需要比较两个哈希值是否相同。

You don''t encrypt passwords for storage. Instead, you hash the passwords and store the hash. Hashes don''t require a password to use and are one way only, meaning you can''t take the hash and retrieve the original value. Which is fine for passwords because you don''t need the original password, you only need to compare if two hashes are the same.

这篇关于使用Access / VBA进行RC4加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！