Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Password encryption methods in classic ASP [closed]

I am looking for a method to encrypt/decrypt password in classic ASP. Can someone please suggest to me which method is good to go and what are the possible ways to do this in classic ASP.

like image 463
anbusekar Avatar asked Sep 26 '11 15:09

anbusekar


2 Answers

You can download this free Classic ASP/VBScript script here which encrypts a string to SHA-256, an industry standard one-way hash function:

http://www.freevbcode.com/ShowCode.asp?ID=2565

Most people don't decrypt a password once it has been encrypted. The idea is to store a non reversible, encrypted password in your DB, which in turn stops an attacker reading passwords if the manage to get to your DB. When somebody enters a password, you encrypt the users input and match it against the encrypted password in the DB.

But hashing alone is not secure enough. You have to add a SALT value to the password you want to hash, to make it unbreakable. Salt should be a random but unique password that gets added to the password before hashing, for example:

password = Request("password")
salt = "2435uhu34hi34"
myHashedPassword = SHA256_function(password&salt)
like image 62
TheCarver Avatar answered Oct 18 '22 13:10

TheCarver


I've created a class of functions for hashing passwords in Classic ASP. As well as a standard hashing function that uses MD5, SHA1, SHA256, SHA384 or SHA512 and an auto-generated salt and optional pepper, there's also support for Argon2, Bcrypt and PBKDF2

The standard hashing function should work on most shared hosting servers, the rest require the installation of COM DLL's which I have created and uploaded to GitHub. Everything is outlined and demonstrated in this repository:

https://github.com/as08/ClassicASP.PasswordHashing

like image 2
Adam Avatar answered Oct 18 '22 13:10

Adam