Menu
I am looking for a method to encrypt/decrypt password in classic ASP. Can someone please suggest to me which method is good to go and what are the possible ways to do this in classic ASP.
463
You can download this free Classic ASP/VBScript script here which encrypts a string to SHA-256, an industry standard one-way hash function:
http://www.freevbcode.com/ShowCode.asp?ID=2565
Most people don't decrypt a password once it has been encrypted. The idea is to store a non reversible, encrypted password in your DB, which in turn stops an attacker reading passwords if the manage to get to your DB. When somebody enters a password, you encrypt the users input and match it against the encrypted password in the DB.
But hashing alone is not secure enough. You have to add a SALT value to the password you want to hash, to make it unbreakable. Salt should be a random but unique password that gets added to the password before hashing, for example:
password = Request("password")
salt = "2435uhu34hi34"
myHashedPassword = SHA256_function(password&salt)
I've created a class of functions for hashing passwords in Classic ASP. As well as a standard hashing function that uses MD5, SHA1, SHA256, SHA384 or SHA512 and an auto-generated salt and optional pepper, there's also support for Argon2, Bcrypt and PBKDF2
The standard hashing function should work on most shared hosting servers, the rest require the installation of COM DLL's which I have created and uploaded to GitHub. Everything is outlined and demonstrated in this repository:
https://github.com/as08/ClassicASP.PasswordHashing
2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
