tags:

views:

216

answers:

3
+1  Q: 

Comparing hashes when entering Excel password

Hi everyone, here's my problem:

  1. User inputs a password in the Options section of the program.
  2. The password is hashed (MD5) and stored in the registry.
  3. The program is ran, an Excel spreadsheet is created, and password protected using the hashed value that is stored in the registry.
  4. The user opens the spreadsheet, and is prompted to enter the password.
  5. The user enters the password, but it fails no matter what.

The reason it fails is because the user is inputting the password in cleartext, yet the function is comparing it to a hashed value, which it will obviously error out.

How can I hash the Excel password that is being entered when accessing the spreadsheet in order to compare it with the stored hash in the Registry?

Any ideas on working around this would also be appreciated.

I'm writing this in C# using Excel Interop...

Thanks...

Woody

A: 

Like this:

using System;
using System.Security.Cryptography;
using System.Text;

public static class Helpers
{
    public static Guid GetHash(string password)
    {
        return new Guid(new MD5CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(password.Trim())));
    }
}

usage:

string hash = Helpers.GetHash("password").ToString();
grenade  2009-08-06 19:34:26
Thank you for the quick comment. But I think you might not understand what I'm saying -- I'm trying to hash the value that is inputted into Excel when the spreadsheet is being opened. I know of no way to do that without being able to hook into Excel in some way -- in essence, during that authentication... I know how to hash variables -- it's the issue of hashing the inputted password that is inputted into Excel's dialog box...
Woody  2009-08-06 19:52:33
My bad. I don't know the answer to that.
grenade  2009-08-06 20:25:04
A: 

I'd don't really know what Excel interop can do, but in standard C# / .NET the quickest way to hash a password in MD5 format is use:

string hashedPassword = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("password", "MD5")

See FormsAuthentication.HashPasswordForStoringInConfigFile Method. (Yes, it's a stupid method name in the wrong namespace!).

Dan Diplo  2009-08-06 19:37:11
+1  A: 

Your program will have to provide the password, because the user doesn't know what it is!

Fortunately, the Excel.Workbooks.Open method takes an argument permitting you to specify the password required. So your code could get the hashed password from the registry (or from wherever you are storing it) and then open the wokrbook via code:

string fileName = @"C:\...";
string password = GetHashedPasswordFromRegistry();

Excel.Workbook workbook = excelApp.Workbooks.Open( 
    fileName, Type.Missing, Type.Missing,Type.Missing,
    password, Type.Missing, Type.Missing, Type.Missing,
    Type.Missing, Type.Missing, Type.Missing, Type.Missing,
    Type.Missing, Type.Missing, Type.Missing);

I think this should do what you're looking for? Let us know how it goes...

Mike

Mike Rosenblum  2009-08-07 22:02:33
I can't believe I overlooked that option. Thanks much, Mike...
Woody  2009-08-08 15:30:20
No problem, Woody. In C# 3.0 we're forced to provide every single argument, so it's easy to overlook. The good news is that it's there! :-)
Mike Rosenblum  2009-08-08 20:18:51

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?