Re: The strongest alghorim?

> no more secure than what Access provides

Access used a fixed key, which could be deduced,
so that decryption was trivial. Has this been corrected?

When you use an encrypted database, you need to
provide a password. So database system has to
know the password, so that it can check your
password. To do this, the database system keeps
an encrypted version of the password: but you don't
provide a password to decrypt the password, so the
system has to use a fixed key to encrypt and decrypt
the password. People who know the fixed key can
decrypt your password, and decrypt the database.

The solution to use a different key for every
installation. This is how Windows Authentication
works. Windows uses different keys for every
installation of Windows, so there is not just
one key for crackers to find, so everytime anyone
want to find your Windows password they would
have to individually crack your Windows Server.

Access does not use a different key for every
installation of Access, because you want to be
able to take your database to a different computer,
and open it using just your security workgroup,
username, and password.

In contrast, if you go to a different company and
enter your Windows username and password, it won't
be accepted at all.

(david)

"Paul Overway" <paul@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OaxB2EfkFHA.2904@xxxxxxxxxxxxxxxxxxxxxxx
> Did you try Google for VB encryption API? In any case, the advice you
> received is probably the best you'll get. There are VB encryption
> algorithms available, but they are no more secure than what Access
> provides natively and require a lot of overhead and code. Probably much
> more than you should reasonably expect to get in a newsgroup.
>
> --
> Paul Overway
> Logico Solutions, LLC
> www.logico-solutions.com
>
>
> "Javier via AccessMonster.com" <forum@xxxxxxxxxxxxxxxxx> wrote in message
> news:51E6363794CE8@xxxxxxxxxxxxxxxxxxxx
>>
>> Thank you for you answer !
>>
>> I undestand what you mean ,................... but your answer do not
>> answer
>> my question.
>> Thank you any way !
>> Javier
>>
>>
>> Chris Mills wrote:
>>>> but I do Not want the Access
>>>> encryption build.
>>>
>>>Ah, you should think about that. The in-built Access encryption provides
>>>at
>>>least some defence vis-a-vis "deleted file space".
>>>
>>>In-built encryption, is of course separate from any custom encryption.
>>>There
>>>is no cost or overhead from using mdb in-built encryption, that I've
>>>heard of.
>>>Therefore, put it in as well.
>>>
>>>Chris
>
>


.

Relevant Pages

  • Re: How to prevent importing tables
    ... why in-built encryption doesn't even matter if they otherwise have ... off-topic but is all to do with security and "extraction". ... > sufficient permission to open the database, ... then they don't even need to decrypt it! ...
    (microsoft.public.access.security)
  • Re: Ecrypting a database
    ... Windows comes with a native file/folder encryption, ... account would need access to the database to unencrypt the ... >> I have a SQL database which will only be accessed only ...
    (microsoft.public.sqlserver.security)
  • Re: Unable to Decrypt Encrypted files
    ... there is not a program that will decrypt the files. ... point of encryption if there was? ... MS-MVP Windows - Shell/User ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Help encrypt conn string - no ASP, no server, cant protect keys, cant use Windows Authentica
    ... I want to deploy a .NET 2.0 Windows Forms application that uses an MS ... The database has been encoded and password ... I need a way to encrypt the connection string, ... The samples I've seen on the Internet use DPAPI and other encryption ...
    (microsoft.public.dotnet.security)
  • Re: Windows 2000 encrypted files
    ... Microsoft MVP (Windows, Security) ... > Settings\folder and copyed the Windows 2000 My ... and turn off file encryption it gives me an ... > error saying that it cannot decrypt any of the files. ...
    (microsoft.public.windowsxp.security_admin)