here's my problem: User inputs a password in the Options section of the program. The password is hashed (MD5) and stored in the registry. The program is ran, an Excel spreadsheet is created, and password protected using the hashed value that is stored in the registry. The user opens the spreadsheet, and is prompted to enter the password. The user enters the password, but it fails no matter what. The reason it fails is because the user is inputting the password in cleartext, yet the function is comparing it to a hashed value, which it will obviously error out. How can I hash the Excel password that is being entered when accessing the spreadsheet in order to compare it with the stored hash in the Registry? Any ideas on working around this would also be appreciated. I'm writing this in C# using Excel Interop... Thanks... Woody

Reputation: 1189

Comparing hashes when entering Excel password

here's my problem:

User inputs a password in the Options section of the program.
The password is hashed (MD5) and stored in the registry.
The program is ran, an Excel spreadsheet is created, and password protected using the hashed value that is stored in the registry.
The user opens the spreadsheet, and is prompted to enter the password.
The user enters the password, but it fails no matter what.

The reason it fails is because the user is inputting the password in cleartext, yet the function is comparing it to a hashed value, which it will obviously error out.

How can I hash the Excel password that is being entered when accessing the spreadsheet in order to compare it with the stored hash in the Registry?

Any ideas on working around this would also be appreciated.

I'm writing this in C# using Excel Interop...

Thanks...

Woody

Upvotes: 1

Answers (3)

Mike Rosenblum

Reputation: 12157

Your program will have to provide the password, because the user doesn't know what it is!

Fortunately, the Excel.Workbooks.Open method takes an argument permitting you to specify the password required. So your code could get the hashed password from the registry (or from wherever you are storing it) and then open the wokrbook via code:

string fileName = @"C:\...";
string password = GetHashedPasswordFromRegistry();

Excel.Workbook workbook = excelApp.Workbooks.Open( 
    fileName, Type.Missing, Type.Missing,Type.Missing,
    password, Type.Missing, Type.Missing, Type.Missing,
    Type.Missing, Type.Missing, Type.Missing, Type.Missing,
    Type.Missing, Type.Missing, Type.Missing);

I think this should do what you're looking for? Let us know how it goes...

Mike

Upvotes: 1

Dan Diplo

Reputation: 25359

I'd don't really know what Excel interop can do, but in standard C# / .NET the quickest way to hash a password in MD5 format is use:

string hashedPassword = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("password", "MD5")

See FormsAuthentication.HashPasswordForStoringInConfigFile Method. (Yes, it's a stupid method name in the wrong namespace!).

Upvotes: 0

grenade

Reputation: 32169

Like this:

using System;
using System.Security.Cryptography;
using System.Text;

public static class Helpers
{
    public static Guid GetHash(string password)
    {
        return new Guid(new MD5CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(password.Trim())));
    }
}

usage:

string hash = Helpers.GetHash("password").ToString();

Upvotes: 0

Comparing hashes when entering Excel password

Answers (3)

Related Questions