Click here to Skip to main content
Click here to Skip to main content
Search within:



 
Comments & Discussions (40)

Encrypting Passwords in ASP

By , 19 Jan 2002
 

Introduction

Do you have a website where users need to login, and when they do you compare the password they enter with a column in a usertable? Some people do logins like this. It's easy to program and it works just fine. But what if someone got hold of the usertable and all the passwords of everyone? You may want to hide or encrypt the passwords in the usertable. Many programming languages have functions to do this. I make ASP-webpages, and I haven't found any quick functions to do this. There are plenty of components to do this, some free of charge even. But what if you cant install components on the webserver

Here is a short and neat way to encrypt your users passwords. You need two strings for it to work. Typically the username and the password.

Code

Function encrypt(x1, x2)
    s = ""
    t = 0
    For i = 1 to len(x1)
        t = t + asc(mid(x1,i,1))
    Next
    For i = 1 to len(x2)
        y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
        s = s & chr(y)
    Next
    For i = (len(x2) + 1) to 10
        If t>598.8 Then t = 598.8
        y = t^3*i mod 255
        s = s & chr(y)
    Next
    encrypt = s
End Function

If you want to test this function you can create an asp-page and upload it to your website. Here's my codelisting to encrypt.asp

<%
Function encrypt(x1, x2)
    s = ""
    t = 0
    For i = 1 to len(x1)
        t = t + asc(mid(x1,i,1))
    Next
    For i = 1 to len(x2)
        y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
        s = s & chr(y)
    Next
    For i = (len(x2) + 1) to 10
        If t>598.8 Then t = 598.8
        y = t^3*i mod 255
        s = s & chr(y)
    Next
    encrypt = s
End Function
%>

<html>
<head>
 <title>Encrypt</title>
</head>

<body>
<% If request.form("name") = "" Then %>
<form action="encrypt.asp" method="post">
<input type="text" name="name"><input type="text" name="pass">
<input type="submit">
</form>
<% Else  %>
<% response.write encrypt(request.form("name"),request.form("pass")) %>
<% End If %>
</body>
</html>

Remarks

  • The function is not reversible, so there is no way to take the result and reverse it into the password. You will need to recreate the password with a new one (some users seem to forget their passwords and always wants it retreieved)
  • This is not a high-level encryption, but its good enough to hide it from lame hackers (hehe).
  • The password is always sent from the user inputpage to the page encrypting it. Somewhere in between a hacker can fetch it. Secure zones (SSL) can remedy this.
  • Feel free to use the code to whatever you like. But if you alter it make a post in the thread related to this article so we all can share the fun.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

 tommy skaue
Web Developer
Norway Norway
Member
Tommy live in Tromsø, a city far up north in Norway. He does programming and webdevelopment for a living.

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board.
Search this forum  
    Spacing  Noise  Layout  Per page   
First Prev Next
QuestionEncrypt &amp; Decrypt string [modified]memberc2love14 Nov '07 - 16:14 

When I use the function to encrypt "023 882 211" the result is "uYcQz0Pdr+y/T7GSP+2EavUFt7NhtbjO87Hgv81vBqU=" When I decrypt it back the result is "023 882 211".
 
Now I don't know how get the function back
 
Anybody can help me to write the function that can encrypt and decrypt this example
 
Thank you
 
C2love Network
 

-- modified at 7:46 Friday 16th November, 2007
Sign In·View Thread·Permalink
AnswerRe: Encrypt & Decrypt stringmembertommy skaue14 Nov '07 - 21:43 
sorry mate... no decryption available, hence the articlename "Encrypting passwords..." Wink | ;-)
 
If I remember correctly, the code removes content from the output so in other words, reversing the process would be "impossible". Now, you may notice that I'm reluctant to say impossible, but I really don't think this script can be decrypted without guessing the missing content.
 
------------------------------------------
Hey! Stop reading my signature... stop it!
hmm... you're still reading it...
Sign In·View Thread·Permalink
Questionencrypt & decrypt passwordmemberred-apple11 Aug '07 - 0:04 
hi,
DO you know any way to encrypt & DECRYPT password?
thanks.
Sign In·View Thread·Permalink
AnswerRe: encrypt & decrypt passwordmembertommy skaue11 Aug '07 - 2:56 
Haven't seen any free encrypt & decrypt scripts for classic asp (yet). But I wouldn't be surprised if you found on if you google for it. Wink | ;-)
 
------------------------------------------
Hey! Stop reading my signature... stop it!
hmm... you're still reading it...
Sign In·View Thread·Permalink
GeneralRe: encrypt & decrypt passwordmemberkenbhavin13 May '08 - 21:18 
i want to learn the whle proces of encrypt and decrypt password
Sign In·View Thread·Permalink
AnswerRe: encrypt & decrypt passwordmemberkenbhavin13 May '08 - 21:16 
no
Sign In·View Thread·Permalink
Generalone small changememberguildwyn24 Dec '06 - 11:17 
As I'm writing the encrypted result out to a database enclosed in single quotes, I thought it would be best to exclude single quotes from the possible results of the algorithm. I did this with
 
if (chr(y) <> "'") then s = s & chr(y)
 
in two places.
Sign In·View Thread·Permalink
QuestionHow to decrypt??sussShunHung14 Jul '05 - 17:11 
I can use this code,but I don't know how to decrypt...
Sign In·View Thread·Permalink
AnswerRe: How to decrypt??memberChristian Graus14 Jul '05 - 17:47 
To quote the article :
 
The function is not reversible, so there is no way to take the result and reverse it into the password. You will need to recreate the password with a new one (some users seem to forget their passwords and always wants it retreieved)
 
Christian Graus - Microsoft MVP - C++
Sign In·View Thread·Permalink
Generalmodification of this codesussAnonymous2 Sep '04 - 14:24 
can any1 show me a modified version of this code where the encryption of the words are jus the next alphabetical character of the actual strings?
 
eg. website = xfctjuf
 
thanks
Sign In·View Thread·Permalink
GeneralRe: modification of this codemembertommy skaue2 Sep '04 - 21:13 
seriously? Eek! | :eek:
 
and I am pretty sure most people wont call that encryption (even some contridict the function in this article as an encryption-function).
 
But if thats what you need, just loop through the word/string and add 1 position in a chr()-function. In vb, something like this (untested code):

old_string = "website"
for i = 0 to len(old_string)
new_String = new_String & Chr(Asc(Mid(old_string,i,1))+1)
next
 

 

or something (from the top of my head)
 
------------------------------------------
Hey! Stop reading my signature... stop it!
hmm... you're still reading it...
Sign In·View Thread·Permalink
GeneralRe: modification of this codememberkryzchek18 May '05 - 7:40 
tommy skaue wrote:
old_string = "website"
for i = 0 to len(old_string)
new_String = new_String & Chr(Asc(Mid(old_string,i,1))+1)
next
 
That won't necessarily work to get the next alphabetic character though. It's not smart enough to wrap back around for "Z". Smile | :)
Sign In·View Thread·Permalink
GeneralRe: modification of this codemembertommy skaue18 May '05 - 10:30 
I guess things from "the top of my head" shouldnt be used in production-code Wink | ;)
 
I thought this article was so old and outdated that noone even would read it... I've stopped using this function years ago. MD5 and SHA works fine for me.
 
------------------------------------------
Hey! Stop reading my signature... stop it!
hmm... you're still reading it...
Sign In·View Thread·Permalink
GeneralSame function ported to Perlmembersoffen21 Nov '03 - 7:55 
Although I can't think of why I would use this in Perl, I decided on a whim to port it to Perl (as it is my programming language of choice and want to provide others with it as well). Most DB (and most particularly MySQL) provide encryption functions, and I would recommend using them over anything else, unless there are known issues with it.
 
As the Perl code is intended to produce the same result as the vbscript code, I had to make a few modifications. Namely, the modulus (%) function in Perl does not round up as it appears the vbscript mod function does, so I go have to go the long way to get the remainder (rounded up as needed). Secondly, Perl strings are 0 indexed, so I had to do some tweaking there to get the letters in the same order as the vbscript. Again, all this is because the desire is to produce the same result as the vbscript.
 
Anyway, without further ado, the Perl script:
 
sub encrypt {
 
my $input1 = shift;
my $input2 = shift;
 
my $lenInput1 = length($input1);
my $lenInput2 = length($input2);
 
my $s = "";
my $t = 0;
 

#-- Loop through the first input --#
for (my $i = 0; $i < $lenInput1; $i++) {
$t += ord(substr($input1, $i, 1));
}
 
#-- Loop through the second input field --#
for (my $i = 0; $i < $lenInput2; $i++) {
 
#-- Get this character --#
my $thisChar = substr($input2, $i, 1);
 
#-- Get the next character --#
my $nextChar;
my $nextCharPos = ($i + 1) % $lenInput2 + 1;
if ($nextCharPos >= $lenInput2) {
$nextChar = substr($input2, 0, 1);
} else {
$nextChar = substr($input2, $nextCharPos, 1);
}
 
#-- Calculate the value of y --#
my $y = ($t + ord($thisChar) * ord($nextChar)) % 255;
 
#-- Append the chr of y to s --#
$s .= chr($y)
}
 

#-- Pad as needed --#
$t = 598.8 if ($t > 598.8);
for (my $i = ($lenInput2 + 1); $i <= 10; $i++) {
my $d = $t**3 * $i / 255;
$d = $1 if ($d =~ /^(\d*)\.?.*/);
 
my $n = ($t**3 * $i) - ($d * 255);
my $y = $1 if ($n =~ /^(\d*)\.?.*/);
my $r = $1 if ($n =~ /\d*\.(\d).*/);
 
$y++ if ($r > 4);
$s .= chr($y);
}
 

return ($s);
 
}

 
Lacking evidence of existence is not proof of non-existence.
Sign In·View Thread·Permalink
GeneralReturn value of Encrypt FunctionmemberVen Yetukuri3 Mar '03 - 8:54 
If the return value of the encrypt function contains a null then the assignment fails. The characters following the null is ignored.
For example: I have a code like this.
newpwd = encrypt("ic","ic")
Response.Write newpwd
The above code only writes "<f3"
 
I have changed my code like newpwd = Replace((newpwd),chr(0),"") and got the correct result:<f3̙f3
 

 
v
Sign In·View Thread·Permalink
GeneralIt wont work this waysussStarLite28 Jan '03 - 9:19 
Somehow this wont work Frown | :( br /> 
I got a login page and the page I want protected with the password.
When I make this code with the function:
 
The login page contains a form etc like in the article with this line added:
<% Session("loginhash") = encrypt(request.form("name"),request.form("pass")) %>
 
And the other file contains
 
<%
Loginhash = Session("loginhash")
HashCheck = Instellingen("password")
If Loginhash = HashCheck then
loggedin = True
else
loggedin = False
end if
%>
Logged in: <% =loggedin %>
 

But the value of 'loggedin' is *ALWAYS* False even when the 2 variables match [ checked with response.write() ]
 
How come¿
Sign In·View Thread·Permalink
GeneralRe: It wont work this waymembertommy skaue28 Jan '03 - 21:14 
This might sounds like a really weirds answer but use the code located here instead:
 
http://pajhome.org.uk/crypt/md5/
 
Unsure | :~
 
------------------------------------------
Hey! Stop reading my signature... stop it!
hmm... you're still reading it...
Sign In·View Thread·Permalink
GeneralRe: It wont work this waysussAnonymous29 Jan '03 - 3:34 
Hmzz, altho I rather wont use javascript I'll give it a try.
Im just wondering WHY it wont work, is it the special characters you get in this algorithm cant be compared in ASP¿ Or is there another thing why you cant compare such strings with eachother¿
Sign In·View Thread·Permalink
GeneralRe: It wont work this waymembertommy skaue29 Jan '03 - 20:59 
I think it might be the special characters in the result...
 
Its possible to change the function to span over only normal characters, but I dont use that function any longer.
 
I havent deleted the article though. Its ok for reading how it can be done and to get your own ideas.
 
There is MD5 for asp too...
 
Lets see if its pastable:
 

<%
Private Const BITS_TO_A_BYTE=8
Private Const BYTES_TO_A_WORD=4
Private Const BITS_TO_A_WORD=32
Private m_lOnBits(30)
Private m_l2Power(30)
m_lOnBits(0)=CLng(1)
m_lOnBits(1)=CLng(3)
m_lOnBits(2)=CLng(7)
m_lOnBits(3)=CLng(15)
m_lOnBits(4)=CLng(31)
m_lOnBits(5)=CLng(63)
m_lOnBits(6)=CLng(127)
m_lOnBits(7)=CLng(255)
m_lOnBits(8)=CLng(511)
m_lOnBits(9)=CLng(1023)
m_lOnBits(10)=CLng(2047)
m_lOnBits(11)=CLng(4095)
m_lOnBits(12)=CLng(8191)
m_lOnBits(13)=CLng(16383)
m_lOnBits(14)=CLng(32767)
m_lOnBits(15)=CLng(65535)
m_lOnBits(16)=CLng(131071)
m_lOnBits(17)=CLng(262143)
m_lOnBits(18)=CLng(524287)
m_lOnBits(19)=CLng(1048575)
m_lOnBits(20)=CLng(2097151)
m_lOnBits(21)=CLng(4194303)
m_lOnBits(22)=CLng(8388607)
m_lOnBits(23)=CLng(16777215)
m_lOnBits(24)=CLng(33554431)
m_lOnBits(25)=CLng(67108863)
m_lOnBits(26)=CLng(134217727)
m_lOnBits(27)=CLng(268435455)
m_lOnBits(28)=CLng(536870911)
m_lOnBits(29)=CLng(1073741823)
m_lOnBits(30)=CLng(2147483647)
 
m_l2Power(0)=CLng(1)
m_l2Power(1)=CLng(2)
m_l2Power(2)=CLng(4)
m_l2Power(3)=CLng(8)
m_l2Power(4)=CLng(16)
m_l2Power(5)=CLng(32)
m_l2Power(6)=CLng(64)
m_l2Power(7)=CLng(128)
m_l2Power(8)=CLng(256)
m_l2Power(9)=CLng(512)
m_l2Power(10)=CLng(1024)
m_l2Power(11)=CLng(2048)
m_l2Power(12)=CLng(4096)
m_l2Power(13)=CLng(8192)
m_l2Power(14)=CLng(16384)
m_l2Power(15)=CLng(32768)
m_l2Power(16)=CLng(65536)
m_l2Power(17)=CLng(131072)
m_l2Power(18)=CLng(262144)
m_l2Power(19)=CLng(524288)
m_l2Power(20)=CLng(1048576)
m_l2Power(21)=CLng(2097152)
m_l2Power(22)=CLng(4194304)
m_l2Power(23)=CLng(8388608)
m_l2Power(24)=CLng(16777216)
m_l2Power(25)=CLng(33554432)
m_l2Power(26)=CLng(67108864)
m_l2Power(27)=CLng(134217728)
m_l2Power(28)=CLng(268435456)
m_l2Power(29)=CLng(536870912)
m_l2Power(30)=CLng(1073741824)
 
Private Function LShift(lValue,iShiftBits)
If iShiftBits=0 Then
LShift=lValue
Exit Function
ElseIf iShiftBits=31 Then
If lValue And 1 Then
LShift=&H80000000
Else
LShift=0
End If
Exit Function
ElseIf iShiftBits<0 Or iShiftBits>31 Then
Err.Raise 6
End If
 
If (lValue And m_l2Power(31-iShiftBits)) Then
LShift=((lValue And m_lOnBits(31-(iShiftBits+1)))*m_l2Power(iShiftBits)) Or &H80000000
Else
LShift=((lValue And m_lOnBits(31-iShiftBits))*m_l2Power(iShiftBits))
End If
End Function
 
Private Function RShift(lValue,iShiftBits)
If iShiftBits=0 Then
RShift=lValue
Exit Function
ElseIf iShiftBits=31 Then
If lValue And &H80000000 Then
RShift=1
Else
RShift=0
End If
Exit Function
ElseIf iShiftBits<0 Or iShiftBits>31 Then
Err.Raise 6
End If

RShift=(lValue And &H7FFFFFFE)\m_l2Power(iShiftBits)
 
If (lValue And &H80000000) Then
RShift=(RShift Or (&H40000000\m_l2Power(iShiftBits-1)))
End If
End Function
 
Private Function RotateLeft(lValue,iShiftBits)
RotateLeft=LShift(lValue,iShiftBits) Or RShift(lValue,(32-iShiftBits))
End Function
 
Private Function AddUnsigned(lX,lY)
Dim lX4
Dim lY4
Dim lX8
Dim lY8
Dim lResult
 
lX8=lX And &H80000000
lY8=lY And &H80000000
lX4=lX And &H40000000
lY4=lY And &H40000000
 
lResult=(lX And &H3FFFFFFF)+(lY And &H3FFFFFFF)
 
If lX4 And lY4 Then
lResult=lResult Xor &H80000000 Xor lX8 Xor lY8
ElseIf lX4 Or lY4 Then
If lResult And &H40000000 Then
lResult=lResult Xor &HC0000000 Xor lX8 Xor lY8
Else
lResult=lResult Xor &H40000000 Xor lX8 Xor lY8
End If
Else
lResult=lResult Xor lX8 Xor lY8
End If
 
AddUnsigned=lResult
End Function
 
Private Function F(x,y,z)
F=(x And y) Or ((Not x) And z)
End Function
 
Private Function G(x,y,z)
G=(x And z) Or (y And (Not z))
End Function
 
Private Function H(x,y,z)
H=(x Xor y Xor z)
End Function
 
Private Function I(x,y,z)
I=(y Xor (x Or (Not z)))
End Function
 
Private Sub FF(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(F(b,c,d),x),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
 
Private Sub GG(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(G(b,c,d),x),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
 
Private Sub HH(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(H(b,c,d),x),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
 
Private Sub II(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(I(b,c,d),x),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
 
Private Function ConvertToWordArray(sMessage)
Dim lMessageLength
Dim lNumberOfWords
Dim lWordArray()
Dim lBytePosition
Dim lByteCount
Dim lWordCount

Const MODULUS_BITS=512
Const CONGRUENT_BITS=448

lMessageLength=Len(sMessage)

lNumberOfWords=(((lMessageLength+((MODULUS_BITS-CONGRUENT_BITS)\BITS_TO_A_BYTE))\(MODULUS_BITS\BITS_TO_A_BYTE))+1)*(MODULUS_BITS\BITS_TO_A_WORD)
ReDim lWordArray(lNumberOfWords-1)

lBytePosition=0
lByteCount=0
Do Until lByteCount >=lMessageLength
lWordCount=lByteCount\BYTES_TO_A_WORD
lBytePosition=(lByteCount Mod BYTES_TO_A_WORD)*BITS_TO_A_BYTE
lWordArray(lWordCount)=lWordArray(lWordCount) Or LShift(Asc(Mid(sMessage,lByteCount+1,1)),lBytePosition)
lByteCount=lByteCount+1
Loop
 
lWordCount=lByteCount\BYTES_TO_A_WORD
lBytePosition=(lByteCount Mod BYTES_TO_A_WORD)*BITS_TO_A_BYTE
 
lWordArray(lWordCount)=lWordArray(lWordCount) Or LShift(&H80,lBytePosition)
 
lWordArray(lNumberOfWords-2)=LShift(lMessageLength,3)
lWordArray(lNumberOfWords-1)=RShift(lMessageLength,29)

ConvertToWordArray=lWordArray
End Function
 
Private Function WordToHex(lValue)
Dim lByte
Dim lCount

For lCount=0 To 3
lByte=RShift(lValue,lCount*BITS_TO_A_BYTE) And m_lOnBits(BITS_TO_A_BYTE-1)
WordToHex=WordToHex & Right("0" & Hex(lByte),2)
Next
End Function
 
Public Function MD5(sMessage)
Dim x
Dim k
Dim AA
Dim BB
Dim CC
Dim DD
Dim a
Dim b
Dim c
Dim d

Const S11=7
Const S12=12
Const S13=17
Const S14=22
Const S21=5
Const S22=9
Const S23=14
Const S24=20
Const S31=4
Const S32=11
Const S33=16
Const S34=23
Const S41=6
Const S42=10
Const S43=15
Const S44=21
 
x=ConvertToWordArray(sMessage)

a=&H67452301
b=&HEFCDAB89
c=&H98BADCFE
d=&H10325476
 
For k=0 To UBound(x) Step 16
AA=a
BB=b
CC=c
DD=d
 
FF a,b,c,d,x(k+0),S11,&HD76AA478
FF d,a,b,c,x(k+1),S12,&HE8C7B756
FF c,d,a,b,x(k+2),S13,&H242070DB
FF b,c,d,a,x(k+3),S14,&HC1BDCEEE
FF a,b,c,d,x(k+4),S11,&HF57C0FAF
FF d,a,b,c,x(k+5),S12,&H4787C62A
FF c,d,a,b,x(k+6),S13,&HA8304613
FF b,c,d,a,x(k+7),S14,&HFD469501
FF a,b,c,d,x(k+8),S11,&H698098D8
FF d,a,b,c,x(k+9),S12,&H8B44F7AF
FF c,d,a,b,x(k+10),S13,&HFFFF5BB1
FF b,c,d,a,x(k+11),S14,&H895CD7BE
FF a,b,c,d,x(k+12),S11,&H6B901122
FF d,a,b,c,x(k+13),S12,&HFD987193
FF c,d,a,b,x(k+14),S13,&HA679438E
FF b,c,d,a,x(k+15),S14,&H49B40821
 
GG a,b,c,d,x(k+1),S21,&HF61E2562
GG d,a,b,c,x(k+6),S22,&HC040B340
GG c,d,a,b,x(k+11),S23,&H265E5A51
GG b,c,d,a,x(k+0),S24,&HE9B6C7AA
GG a,b,c,d,x(k+5),S21,&HD62F105D
GG d,a,b,c,x(k+10),S22,&H2441453
GG c,d,a,b,x(k+15),S23,&HD8A1E681
GG b,c,d,a,x(k+4),S24,&HE7D3FBC8
GG a,b,c,d,x(k+9),S21,&H21E1CDE6
GG d,a,b,c,x(k+14),S22,&HC33707D6
GG c,d,a,b,x(k+3),S23,&HF4D50D87
GG b,c,d,a,x(k+8),S24,&H455A14ED
GG a,b,c,d,x(k+13),S21,&HA9E3E905
GG d,a,b,c,x(k+2),S22,&HFCEFA3F8
GG c,d,a,b,x(k+7),S23,&H676F02D9
GG b,c,d,a,x(k+12),S24,&H8D2A4C8A

HH a,b,c,d,x(k+5),S31,&HFFFA3942
HH d,a,b,c,x(k+8),S32,&H8771F681
HH c,d,a,b,x(k+11),S33,&H6D9D6122
HH b,c,d,a,x(k+14),S34,&HFDE5380C
HH a,b,c,d,x(k+1),S31,&HA4BEEA44
HH d,a,b,c,x(k+4),S32,&H4BDECFA9
HH c,d,a,b,x(k+7),S33,&HF6BB4B60
HH b,c,d,a,x(k+10),S34,&HBEBFBC70
HH a,b,c,d,x(k+13),S31,&H289B7EC6
HH d,a,b,c,x(k+0),S32,&HEAA127FA
HH c,d,a,b,x(k+3),S33,&HD4EF3085
HH b,c,d,a,x(k+6),S34,&H4881D05
HH a,b,c,d,x(k+9),S31,&HD9D4D039
HH d,a,b,c,x(k+12),S32,&HE6DB99E5
HH c,d,a,b,x(k+15),S33,&H1FA27CF8
HH b,c,d,a,x(k+2),S34,&HC4AC5665
 
II a,b,c,d,x(k+0),S41,&HF4292244
II d,a,b,c,x(k+7),S42,&H432AFF97
II c,d,a,b,x(k+14),S43,&HAB9423A7
II b,c,d,a,x(k+5),S44,&HFC93A039
II a,b,c,d,x(k+12),S41,&H655B59C3
II d,a,b,c,x(k+3),S42,&H8F0CCC92
II c,d,a,b,x(k+10),S43,&HFFEFF47D
II b,c,d,a,x(k+1),S44,&H85845DD1
II a,b,c,d,x(k+8),S41,&H6FA87E4F
II d,a,b,c,x(k+15),S42,&HFE2CE6E0
II c,d,a,b,x(k+6),S43,&HA3014314
II b,c,d,a,x(k+13),S44,&H4E0811A1
II a,b,c,d,x(k+4),S41,&HF7537E82
II d,a,b,c,x(k+11),S42,&HBD3AF235
II c,d,a,b,x(k+2),S43,&H2AD7D2BB
II b,c,d,a,x(k+9),S44,&HEB86D391
 
a=AddUnsigned(a,AA)
b=AddUnsigned(b,BB)
c=AddUnsigned(c,CC)
d=AddUnsigned(d,DD)
Next

MD5=LCase(WordToHex(a) & WordToHex(b) & WordToHex(c) & WordToHex(d))
End Function
%>

 
Big Grin | :-D
 
------------------------------------------
Hey! Stop reading my signature... stop it!
hmm... you're still reading it...
Sign In·View Thread·Permalink
Generalits a pretty good articlememberHoratiu CRISTEA31 Jan '02 - 23:30 
from what i see this is a pretty good artible about password encription.
 
usualy a good security is done almost like this. the most popular way is using a one way hash function on a string which is composed from the password and another randomly generated string.
 
for example u have the strPassword = "password" and the strRandom = "JHG23HG42L" the method is doing an encrypt on (strPassword & strRandom) and the resulting lets say 64 characters encrypted string is written in the DB.
 
if a hacker got ur DB he probably got ur .asp file where u have implemented ur encrypt function. Poke tongue | ;-P so he could get an huge dictionary and run ur encrypt function on each dictionary word and look for a match and this is something that u cant prevent only by making it longer for him to find the match Smile | :)
 
ur article is good Smile | :)
 
---------------
Horatiu CRISTEA
Sign In·View Thread·Permalink
GeneralRe: its a pretty good articlemembertommy skaue1 Feb '02 - 0:18 
Thank you! Glad to see its appreciated Poke tongue | ;-P
 
You might say its only a step into a more secure userlogin procedure, but there are several thing you would want to implement to make your login even more secure.
 
I like to think of this function as a security-solution for us newbie-programmers who wants to make a wanna-be-secure website Wink | ;)
 
Its better than no encryption, and its quite easy to implement...
 
------------------------
This is my signature...
Sign In·View Thread·Permalink
GeneralRe: its a pretty good articlememberHoratiu CRISTEA1 Feb '02 - 2:18 
u can say its secure in a way but for professional websites u need to do the security in a professional way.
Anyway this is a free source learning site Smile | :) so this article worth more than posting an article how to use a crypto component Smile | :)
 
---------------
Horatiu CRISTEA
Sign In·View Thread·Permalink
GeneralRe: its a pretty good articlemembertommy skaue1 Feb '02 - 2:18 
exactly...
and most of those components cost $'s Cry | :((
I like free code better Roll eyes | :rolleyes:
 
This is my signature...
Sign In·View Thread·Permalink
GeneralTommy's son (off-topic)memberOz22 Jan '02 - 3:29 
"
Tommy live in Tromsø, a city far up north in Norway. He does programming and webdevelopment for a living. He is married and has one son (as of february 2002).
"
 
As of February 2002? Have I been stuck in some time warp? Aren't we still in January 2002??
 
Sorry, I had to ask...
Sign In·View Thread·Permalink
GeneralRe: Tommy's son (off-topic)membertommy skaue22 Jan '02 - 3:32 
Oz wrote:
As of February 2002? Have I been stuck in some time warp?
 
Yes you have... LOL!
 
Hehehe.... Rofl
 
This is my signature...
Sign In·View Thread·Permalink
GeneralSecurity of the algorithmmemberJohn Rayner21 Jan '02 - 1:24 
Do you have any proof that this is indeed a one-way algorithm?   Sure, I can't spot a way of reversing it easily and maybe neither can you, but that doesn't guarantee the security of the encryption.
Sign In·View Thread·Permalink
GeneralRe: Security of the algorithmmemberskaue21 Jan '02 - 2:34 
Sorry, no I don't.
 
I ripped it from a Visual Foxpro application, and the author of the code in VFP claims it is similar to the one used in unix to preserve the password.
 
But, consider using an encryption instead of none, because the passwords may fall into the wrong hands, and then there is no way of telling if that person is an advanced hacker or not.
 
As mentioned in the article, this is not state-of-the-art encryption, just a neat and quick way to hide the passwords...
 
;D
Sign In·View Thread·Permalink
GeneralRe: Security of the algorithmmemberJonas Elfstrom29 Jan '02 - 22:41 
I would recommend you to use a well known
secure hash function like SHA-1.
 
I googled for 5 seconds and found:
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?lngWId=4&txtCodeId=6545
 
PS. SHA-1 in Javascript
http://pajhome.org.uk/crypt/md5/
DS.
Sign In·View Thread·Permalink
Generalhashing is already in asp.netmemberJohan Danforth10 Jan '03 - 1:10 
isn't it? In VB.NET:

Imports System.Web.Security
 
FormsAuthentication.HashPasswordForStoringInConfigFile("MySecretPassword", "sha1")

I use that for storing user passwords on my server.
 
/I need a signature I guess
Sign In·View Thread·Permalink
GeneralRe: hashing is already in asp.netmembertommy skaue10 Jan '03 - 1:14 
Yes, .Net has added some nice little features along the way Poke tongue | ;-P including hashing with md5 and sha
 
I've left this code actually after finding a md5 encrypt script for classic asp
 
but surely when I move my stuff to .Net I'm gonna use the libraries available there.. Big Grin | :-D
 
------------------------------------------
Hey! Stop reading my signature... stop it!
hmm... you're still reading it...
Sign In·View Thread·Permalink
GeneralA note from the authormemberskaue21 Jan '02 - 1:16 
Hi
 
If you use this function and find bugs, please post changes in this thread or some other thread related to this article.
 
Thanks, and good luck programming!
 
Poke tongue | ;-P
Sign In·View Thread·Permalink
GeneralRe: A note from the authormemberJames Curran21 Jan '02 - 2:42 
In the final for-next loop, the value of t is not changed, so the "If t>598.8 Then t = 598.8" line can be move outside the loop, so it's executed only once.
 
Truth,
James
Sign In·View Thread·Permalink
GeneralRe: A note from the authormemberskaue21 Jan '02 - 2:50 
Yes, you're right.
 
I have to admit that the article was submitted in a hurry. Big Grin | :-D
 
The reason I need to check t's value is that vbscrips variables has a max value of 2.147.483.647 and when powering t (t^3) it may exceed that value in just that expression... Frown | :(
 
I would move the test just after the first loop like this:
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
If t>598.8 Then t = 598.8
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
 
Thanks James
Sign In·View Thread·Permalink
GeneralRe: A note from the authormemberJames Curran21 Jan '02 - 2:49 
Further, "t^3" is a constant, so that should be calculated outside the loop as well.   That makes the final loop:
 
   If t>598.8 Then t = 598.8
   ttt = t*t*t      ' probably faster than t^3
   For i = (len(x2) + 1) to 10
            y = (ttt*i) mod 255
            s = s & chr(y)
      Next

 
Truth,
James
Sign In·View Thread·Permalink
GeneralRe: A note from the authormemberskaue21 Jan '02 - 2:56 
Ok. Maybe that would be better. But why would t*t*t be faster than t^3?
Sign In·View Thread·Permalink
GeneralRe: A note from the authormemberMatthias Mann21 Jan '02 - 7:32 
VBScript is like many other script languages executed in an interpreter. So that the time overhead in t*t*t is likly to be greater then the use of the fpu. Especially because of todays out of order execution. But what ever you use in this line. It isn't measureable because it's executed only once.
 
Ciao Matthias Mann
Sign In·View Thread·Permalink
GeneralRe: UPDATED CODEmemberskaue21 Jan '02 - 4:53 
Use this tweaked and updated function code instead of the one in the article:
 
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
t = t mod 598
For i = 1 to len(x2) - 1
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,i+1,1))
s = s & chr(y mod 255)
Next
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,0,1))
s = s & chr(y mod 255)
ttt = t*t*t
For i = (len(x2) + 1) to 10
y = ttt*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
 
Thanks to James Curran for the contribution!
Sign In·View Thread·Permalink
GeneralRe: UPDATED CODEmemberNaushad22 Jan '02 - 5:32 
there is some problem with this updated code....
obiviously whats here is not been tested out for syntax error and stuff..
however, the initial version of the encrypt function works ok.
i see two things wrong in line 12 (y=(t+.... ) as shown below:
1) It does not have all the ending brackets accounted for.
2) Mid function can not take 0 as second argument. It has to be 1 or something >0 but less then the length of x2.
 
can you please review the updated version and repost it
thanks
Sign In·View Thread·Permalink
GeneralRe: UPDATED CODEmembertommy skaue23 Jan '02 - 21:38 
James... Wink | ;-)
 
Oke.. Use this Code:
 
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
If t>598 Then t = t mod 598
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
 
I shouldnt be changing the code all the time... sorry... Frown | :-(
 
This is my signature...
Sign In·View Thread·Permalink
GeneralRe: A note from the authormemberAnonymous19 Apr '02 - 1:39 
encrypt( "ADA", "16060" ) => empty password
Sign In·View Thread·Permalink
Last Visit: 31 Dec '99 - 18:00     Last Update: 23 May '13 - 19:27Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

About Article
A simple function to encrypt your users passwords
Type Article
Licence 
First Posted 19 Jan 2002
Views 182,470
Bookmarked 52 times

, +
Top News

The Next Version of Android - Some of What's Coming

Get the Insider News free each morning.
Related Videos
Password Fields: Mastering Java Swing Part 34
French C# Tutorial Lesson 24 - Refactoring
Creating a Java Application Using a Package
Client/Server Encryption plus extras
The Art & Science of Storing Passwords
Web Service Authentication
How to use Crypto API in your ASP projects.
Client Side Hashing using JQuery
Password Storage: How to do it.
Encrypting a dataset using AES, including compression
KeePass Password Safe
Web-based Active Directory Login
Object Oriented JavaScript Class Library in C#/.NET Style
.NET Encryption Simplified
File Encryption Utility
Role-based Security with Forms Authentication
Simple encrypting and decrypting data in C#
CodeStash - A useful (hopefully) tool for devs
How To: Hash Data Using MD5 and SHA1
P2P Secure File, Encrypt and Decrypt Any File with Password
Managing Connection Strings for Web Farms in ASP.NET 2.0
CryptBox
Securing Web Accounts
Permalink | Advertise | Privacy | Mobile
Web04 | 2.6.130523.1 | Last Updated 20 Jan 2002
Article Copyright 2002 by tommy skaue
Everything else Copyright © CodeProject, 1999-2013
Terms of Use
Layout: fixed | fluid