VB Helper Newsletter
Rod Stephens
Jan 13, 2009 08:49 PST
Someone posted a review of my new database book, "Beginning Database
Design Solutions."
You can read it at
http://www.amazon.com/exec/obidos/ASIN/0470385499/vbhelper.
(Still no reviews at Amazon.co.uk.)
----------
This week's newsletter has an interesting .NET program for storing
passwords. It's fairly simple but probably adequate, although I make no
warranties!
It contains a lot of details so you'll have to read the code to see
exactly how it works.
If you find any flaws, please let me know. Normally I don't worry too
much if a silly example contains a bug that prevents it from handling
odd special cases, but I'd rather not leave bugs in a program like this
one that protects passwords.
----------
Thanks for subscribing!
Rod
RodSte-@vb-helper.com
----------
*** Now Available ***
Beginning Database Design Solutions
http://www.amazon.com/exec/obidos/ASIN/0470385499/vbhelper/
Visual Basic 2008 Programmer's Reference
http://www.amazon.com/exec/obidos/ASIN/0470182628/vbhelper/
==========
VB6 Contents:
1. New HowTo: Use a program to merge PDF files in Visual Basic 6
VB.NET Contents:
2. New HowTo: Use the Cryptography API to generate secure random numbers
with Visual Basic 2005
3. New HowTo: Use the Cryptography API to build an application that
stores passwords in Visual Basic 2005
4. New Tip: Use the Split function easily in Visual Basic .NET
Both Contents:
5. Updated Links
==========
++++++++++
<VB6>
++++++++++
==========
1. New HowTo: Use a program to merge PDF files in Visual Basic 6
http://www.vb-helper.com/howto_pdf_merger.html
http://www.vb-helper.com/HowTo/howto_pdf_merger.zip
This is a PDF file merging application written by Patrice Goyer (thanks
Patrice). Here's his description:
PdfMerger is a fully fledged application that will concatenate simple
PDF documents
(typically most of PDF files generated with the open source software
"PDF Creator").
Essential features:
- in dialog mode : concatenation of 2 PDF files
- menu enabling to concatenate all PDF files in a directory, with
sorting options
- Drag and Drop supported
- "send to" supported (provided a shortcut to Pdfmerger is manually
added in the user's "SendTo" directory)
- a directory can be "sent to" PdfMerger for concatenating all the
PDF files in that directory
- possibility to change the TEMP directory
- automatic localization of the PDF reader on the computer (if any)
- suppression of the PDF identifier (this feature can easily be
disabled)
- PDF date forced to a fixed value (this feature can easily be
disabled)
- operates only on the physical structure of the document (physical
pages)
- encryption is NOT supported
- ...
Although PdfMerger is written in VB6 (with most comments in French),
some programming tricks (including some from your books or
Web site) may still be valuable to some VB programmers.
You may distribute Pdfmerger on the "VB Helper" portal, with no
warranty.
Thanks again, Patrice!
==========
++++++++++
<VB.NET>
++++++++++
==========
2. New HowTo: Use the Cryptography API to generate secure random numbers
with Visual Basic 2005
http://www.vb-helper.com/howto_2005_crypto_random_numbers.html
http://www.vb-helper.com/HowTo/howto_2005_crypto_random_numbers.zip
What does "secure random number" mean? It means that an attacker, after
seeing a series of random numbers that you generate, cannot predict the
next one with any success. Note that the function described here is
really only secure over a range of 256 values. See the discussion at the
end to see why.
The RandomInteger function creates an RNGCryptoServiceProvider object
(RNG stands for Random Number Generator). It then calls the object's
GetBytes method to get one random byte and scales it to fit the desired
range of return values.
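    Imports System.Security.Cryptography

    ' Return a random integer between a min and max value.
    Public Function RandomInteger(ByVal min As Integer, ByVal max As Integer) As Integer
        Dim rand As New RNGCryptoServiceProvider()
        Dim one_byte() As Byte = {0}
        ' Fill the one-element array with a cryptographically random byte.
        rand.GetBytes(one_byte)
        ' Scale the byte (0-255) onto the range min..max.
        Return CInt(min + (max - min) * (one_byte(0) / 255))
    End Function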
Note that the granularity of this method is only 1/256 so if you are
generating numbers over a large range, you will not get every possible
value. For example, if the range is 0 to 2550, then the function will
return values 0, 10, 20, and so forth. If you want finer granularity,
you'll need to use more bytes.
You might also want to divide by 256 instead of 255 so the function does
not return the maximum value. That would be more consistent with the way
.NET's Random class works.
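The finer-granularity variant the note above calls for, as an added example (not code from the newsletter or its download): it draws four bytes instead of one and rejects draws that would skew the result, so every integer from min to max is reachable and equally likely. The module name SecureRandom is an assumption.

```vbnet
Imports System
Imports System.Security.Cryptography

Public Module SecureRandom
    ' Return a uniformly distributed integer in [min, max] (inclusive).
    Public Function RandomInteger(ByVal min As Integer, ByVal max As Integer) As Integer
        If min > max Then Throw New ArgumentException("min must not exceed max")

        ' Number of distinct values; Long avoids overflow for wide ranges.
        Dim range As Long = CLng(max) - CLng(min) + 1L

        ' Largest multiple of range that fits in 32 bits. Draws at or above
        ' it are rejected so that every result is equally likely.
        Dim limit As Long = (4294967296L \ range) * range

        Dim rand As New RNGCryptoServiceProvider()
        Dim four_bytes(3) As Byte
        Dim value As Long
        Do
            rand.GetBytes(four_bytes)
            value = BitConverter.ToUInt32(four_bytes, 0)
        Loop While value >= limit

        Return CInt(min + (value Mod range))
    End Function

    Sub Main()
        ' With one byte, 0..2550 only produced multiples of 10; here any value can appear.
        For i As Integer = 1 To 5
            Console.WriteLine(RandomInteger(0, 2550))
        Next
    End Sub
End Module
```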
==========
3. New HowTo: Use the Cryptography API to build an application that
stores passwords in Visual Basic 2005
http://www.vb-helper.com/howto_2005_store_passwords.html
http://www.vb-helper.com/HowTo/howto_2005_store_passwords.zip
DISCLAIMER: This example (actually every example on the VB Helper Web
site but this one in particular) is provided as-is with no warranty. It
is provided for instructional purposes and all that legal stuff that
basically means if you use this program to store real passwords you're
risking giving cyber-bandidos access to your checking account. You'd
better read through the code and make sure it's secure code before you
use it.
This is a fairly complex application so I won't describe it all here.
See the code for the details.
I was looking at a "My Favorite Windows Applications" sort of article
the other day. One of them was a password manager. You remember a single
well-chosen password and then the password manager stores passwords for
all of the myriad Web sites, legacy systems, and other places where you
need a password.
The result is that you can spend some extra thought picking a really good
master password that you can remember and then let the program store
separate really cryptic passwords for each of the applications where you
need one.
This isn't all that hard an application to build so I thought I would
give it a shot. Please let me know if you see any holes in the security
of this program. Getting holes plugged in a secure application is tricky.
The program uses a set of functions to convert between plaintext and
ciphertext, and between arrays of bytes and textual representations.
(Yes, I know you could just keep the encrypted values in byte form but I
like to work with strings. This method should only slow things down a
little.) Those functions use methods provided by the .NET Cryptography
API. See the notes at the end for a list of the cryptographic objects it
uses.
The program stores the master password and a salt value in the Registry.
(A "salt" is a set of extra random bytes used to make it harder for an
attacker to build a dictionary of decoded values. Essentially it means
the attacker would need a dictionary for each salt value. Whenever this
program saves an encrypted value, it generates a random salt (using an
RNGCryptoServiceProvider object), uses it in the encryption, and saves
the encrypted value and its salt.)
When the program loads, it asks for the master password. If you enter it
correctly, the program uses it to load your saved passwords from the
Registry.
For each saved password, the program reads its salt value from the
Registry. It then uses the master password together with that salt to
decrypt the saved password.
The program similarly saves each password's name (so you know what Web
site or whatnot it is for) and the date it was last changed (so you can
make new ones every now and then).
Click a password's Copy button to copy the password to the Clipboard so
you can paste it onto a Web page. Click its New button to open the New
Password dialog.
To change a password, you can simply type in a new value or you can use
the New Password form. That form lets you specify what characters are
allowed (letters, numbers, special characters, etc.), which are
required, and how long the password should be. It can then generate
random passwords for you. Because you (in theory) can get these
passwords back from the program, you don't need to remember them so you
can use the ugly random results it generates.
There are still features you could add. For example, you could make it
schedule passwords for expiration. Now it just tells you when a password
was changed and lets you notice that it's been 4 years since you changed
your Facebook password.
Notes
The program uses these cryptographic objects:
- RNGCryptoServiceProvider to generate random numbers such as salts
and random passwords.
- Rfc2898DeriveBytes to generate keys and initialization vectors
from passwords and salts.
- TripleDESCryptoServiceProvider to encrypt and decrypt.
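How the three objects listed above fit together, as an added example that is not the newsletter program's own code: a fresh random salt per entry, a key and IV derived from the master password and that salt, and TripleDES for the encryption. The names PasswordVault, EncryptEntry and DecryptEntry, the 16-byte salt, the iteration count and the "salt:ciphertext" Base64 layout are assumptions.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text
Public Module PasswordVault
    Private Const Iterations As Integer = 100000  ' assumed PBKDF2 iteration count
    ' Derive a 24-byte TripleDES key and an 8-byte IV from master password + salt.
    Private Function MakeCipher(ByVal master As String, ByVal salt() As Byte) As TripleDESCryptoServiceProvider
        Dim kdf As New Rfc2898DeriveBytes(master, salt, Iterations)
        Dim des As New TripleDESCryptoServiceProvider()
        des.Key = kdf.GetBytes(24)
        des.IV = kdf.GetBytes(8)
        Return des
    End Function

    ' Run data through an encryptor or decryptor and return the result.
    Private Function Transform(ByVal xform As ICryptoTransform, ByVal data() As Byte) As Byte()
        Dim ms As New MemoryStream()
        Dim cs As New CryptoStream(ms, xform, CryptoStreamMode.Write)
        cs.Write(data, 0, data.Length)
        cs.FlushFinalBlock()
        Return ms.ToArray()
    End Function

    ' Encrypt with a fresh random salt; return "salt:ciphertext" as Base64 text.
    Public Function EncryptEntry(ByVal master As String, ByVal plaintext As String) As String
        Dim salt(15) As Byte  ' 16-byte salt (assumed size)
        Dim rng As New RNGCryptoServiceProvider()
        rng.GetBytes(salt)
        Dim des As TripleDESCryptoServiceProvider = MakeCipher(master, salt)
        Dim cipher() As Byte = Transform(des.CreateEncryptor(), Encoding.UTF8.GetBytes(plaintext))
        Return Convert.ToBase64String(salt) & ":" & Convert.ToBase64String(cipher)
    End Function

    ' Split the stored text, re-derive the key from the saved salt, and decrypt.
    Public Function DecryptEntry(ByVal master As String, ByVal stored As String) As String
        Dim parts() As String = stored.Split(":"c)
        Dim salt() As Byte = Convert.FromBase64String(parts(0))
        Dim des As TripleDESCryptoServiceProvider = MakeCipher(master, salt)
        Dim plain() As Byte = Transform(des.CreateDecryptor(), Convert.FromBase64String(parts(1)))
        Return Encoding.UTF8.GetString(plain)
    End Function

    Sub Main()
        ' Constructed sample values.
        Dim stored As String = EncryptEntry("correct horse battery staple", "s3cr3t-site-password")
        Console.WriteLine(stored & " -> " & DecryptEntry("correct horse battery staple", stored))
    End Sub
End Module
```

A wrong master password usually surfaces as a CryptographicException from the padding check; nothing here authenticates the ciphertext, so that exception is not a reliable integrity test.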
==========
4. New Tip: Use the Split function easily in Visual Basic .NET
http://www.vb-helper.com/tip_easy_split.html
Thanks to Michael Rosqvist. Michael says:
If you add this module to a project:
    Public Module Strings
        Public Split As Func(Of String, String()) = _
            Function(T As String) T.Split(New String() _
            {",", " ", "."}, StringSplitOptions.RemoveEmptyEntries)
    End Module
You can then write code like this:
    Public Module Main
        Sub Main()
            Dim sq As String = "Vestibulum a elit . Morbi risus sem, imperdiet et, laoreet sed, placerat id, mauris. "
            Array.ForEach(Split(sq), Function(s As String) Wrajt(s))
            Console.ReadLine()
        End Sub

        Private Function Wrajt(ByRef s As String) As Boolean
            Console.WriteLine(s)
            Return True
        End Function
    End Module
The benefit here is all split logic is in one place.
Another benefit is that you cannot call
Microsoft.VisualBasic.Strings.Split using Strings.Split.
==========
++++++++++
<Both>
++++++++++
==========
5. Updated Links
http://www.vb-helper.com/links.html
ExcelHints.com
http://excelhints.com
A medium/smallish Excel tip site with some descriptions of some of the
more complicated Excel features and worksheet functions.
New Links
http://www.vb-helper.com/links.html
TutorHunt.com
http://www.tutorhunt.com
A free site that connects tutors with students on a fairly wide range of
topics and various levels (grade school through degree and adult). Seems
to be in the U.K. only.
==========
Archives:
http://www.topica.com/lists/VBHelper
http://www.topica.com/lists/VB6Helper
http://www.topica.com/lists/VBNetHelper
Post questions at:
http://www.topica.com/lists/VBHelperQA