The Crypt.MD5 function encrypts a password string using the MD5 algorithm with the following syntax:
Static Function MD5 ( Password As String [ , Prefix As String ] ) As String
A prefix can optionally be used that is exactly eight characters long. The characters are taken from the following character set:
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./
If the prefix is not specified, then a random value is set for the prefix.
Please note that there is no method to decrypt a password string encrypted with the Crypt.MD5 function. This has consequences for the use of the Crypt component. You can only use the method Crypt.Check(..) to check whether an entered password - which is internally encrypted according to the algorithm MD5 - matches an encrypted password stored in the programme or a file or not.
For this reason, you will be introduced to an MD5 password generator with which you can generate strong passwords to use in your programmes.
In my opinion, a strong password can be defined like this:
The MD5 password generator presented uses the Crypt.MD5 function, allows the use of a prefix, checks the prefix and the strength of the password string entered.
Figure 28.2.1.1: MD5 password generator with prefix.
Here is a selection of encrypted passwords - without a fixed prefix - for the plaintext password '#GAMbas+340' :
If the plaintext password is not a strong password, then this is signalled and the criteria for a strong password is displayed.
Figure 28.2.1.1.2: Weak password
Figure 28.2.1.1.3: Notes for a strong password
You can also use a prefix. Then there is exactly one encrypted password for this one prefix:
Figure 28.2.1.1.4: Encryption with a prefix
The syntax of the prefix is checked and if an error occurs, appropriate messages and notes are displayed:
Figure 28.2.1.1.5: Error message
You will then be given hints on which criteria to follow for a correct prefix:
Figure 28.2.1.1.6: Hints for a correct prefix
In the source code, regular expressions, among others, are used for checking strong passwords or correct prefixes. Otherwise, the source code is without surprises and is only given in excerpts:
' Gambas class file ' The components gb.crypt and gb.pcre must be included Public Sub Form_Open() FPasswort.Center ... End ' Form_Open() Public Sub btnPasswordGenerate_Click() Dim sStrongPassword, sValidPrefix, sMessage As String If Len(txtPasswordInput.Text) = 0 Then Message.Error("Enter a password!") txtPasswordInput.SetFocus Return Endif ' Len(txtPasswordInput.Text) = 0 ? If InStr(txtPasswordInput.Text, Chr(32)) <> 0 Then Message.Error("<hr><br>The password may <font color='red'>none</font> Space \ contain!<br><hr>") txtPasswordInput.SetFocus Return Endif ' InStr(txtPasswordInput.Text, Chr(32)) <> 0 ? If CheckStrongPassword(txtPasswordInput.Text) = True Then sStrongPassword = txtPasswordInput.Text Else sMessage = "<hr>" sMessage &= "<p>The password entered is not <font color='red'>starkes</font> \ password!</p>" sMessage &= "Learn about the syntax of strong passwords.<br>" sMessage &= "<hr>" Message.Error(sMessage) btnInformation_Click() txtPasswortInput.SetFocus Return Endif ' CheckStrongPassword(...) If optMD5.Value = True Then txtKeyOutput.Text = Crypt.MD5(sStrongPassword) Else If CheckPrefix(txtPrefixInput.Text) = True Then sValidPrefix = txtPrefixInput.Text txtKeyOutput.Text = Crypt.MD5(sStrongPassword, sValidPrefix) Else sMessage = "<hr>" sMessage &= "<p>The entered MD5 prefix is <font color='red'>incorrect! \ </font></p>" sMessage &= "Find out about the syntax of the MD5 prefix.<br>" sMessage &= "<hr>" Message.Error(sMessage) btnPrefixInformation_Click() txtPrefixInput.SetFocus Endif ' CheckPrefix(txtPrefixInput.Text) = True ? Endif ' optMD5.Value = True ? End ' btnPasswordGenerate_Click() Private Function CheckPrefix(sPrefix As String) As Boolean Dim sSubject, sPattern As String sSubject = sPrefix sPattern = "^([a-zA-Z0-9./]{8})$" If Match(sSubject, sPattern) = True Then Return True Else Return False Endif ' Match(sSubject, sPattern) = True ? End ' CheckPrefix(sPrefix As String) As Boolean Private Function CheckStrongPassword(sPassword As String) As Boolean Dim sSubject, sPattern As String sSubject = sPassword sPattern = "(?=^.{8,}$)(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)(?![.\n])(?=.*[+#_@!?§$%*]).*$" If Match(sSubject, sPattern) = True Then Return True Else Return False Endif ' Match(sSubject, sPattern) = True ? End ' CheckStrongPassword(sPassword As String) As Boolean Public Function Match(Subject As String, Pattern As String) As Boolean Dim rRegex As Regexp rRegex = New Regexp(Subject, Pattern) If rRegex.Offset = -1 Then Return False Else Return True Endif ' rRegex.Offset = -1 End ' Match(...) ... Public Sub btnClose_Click() FPasswort.Close End ' btnClose_Click()
The complete project can be found in the download section and an application of the MD5 password generator in the following chapter.