Add your own alternative version
Stats
199.9K views 54 bookmarked
Posted
19 Jan 2002

Comments and Discussions



Hi,
I'm facing an issue with this algorithm. It calculates the hash value for a string of 11 characters. But it throws an overflow exception for a string with more than 11 characters. This exception occurs for 'Y'. Please tell me how to fix it.
Thanks
Abhishek





When I use the function to encrypt "023 882 211" the result is "uYcQz0Pdr+y/T7GSP+2EavUFt7NhtbjO87Hgv81vBqU=" When I decrypt it back the result is "023 882 211".
Now I don't know how get the function back
Anybody can help me to write the function that can encrypt and decrypt this example
Thank you
C2love Network
 modified at 7:46 Friday 16th November, 2007





sorry mate... no decryption available, hence the articlename "Encrypting passwords..."
If I remember correctly, the code removes content from the output so in other words, reversing the process would be "impossible". Now, you may notice that I'm reluctant to say impossible, but I really don't think this script can be decrypted without guessing the missing content.

Hey! Stop reading my signature... stop it!
hmm... you're still reading it...





hi,
DO you know any way to encrypt & DECRYPT password?
thanks.





Haven't seen any free encrypt & decrypt scripts for classic asp (yet). But I wouldn't be surprised if you found on if you google for it.

Hey! Stop reading my signature... stop it!
hmm... you're still reading it...





i want to learn the whle proces of encrypt and decrypt password






As I'm writing the encrypted result out to a database enclosed in single quotes, I thought it would be best to exclude single quotes from the possible results of the algorithm. I did this with
if (chr(y) <> "'") then s = s & chr(y)
in two places.





I can use this code,but I don't know how to decrypt...





To quote the article :
The function is not reversible, so there is no way to take the result and reverse it into the password. You will need to recreate the password with a new one (some users seem to forget their passwords and always wants it retreieved)
Christian Graus  Microsoft MVP  C++





can any1 show me a modified version of this code where the encryption of the words are jus the next alphabetical character of the actual strings?
eg. website = xfctjuf
thanks





seriously?
and I am pretty sure most people wont call that encryption (even some contridict the function in this article as an encryptionfunction).
But if thats what you need, just loop through the word/string and add 1 position in a chr()function. In vb, something like this (untested code):
old_string = "website"
for i = 0 to len(old_string)
new_String = new_String & Chr(Asc(Mid(old_string,i,1))+1)
next
or something (from the top of my head)

Hey! Stop reading my signature... stop it!
hmm... you're still reading it...





tommy skaue wrote:
old_string = "website"
for i = 0 to len(old_string)
new_String = new_String & Chr(Asc(Mid(old_string,i,1))+1)
next
That won't necessarily work to get the next alphabetic character though. It's not smart enough to wrap back around for "Z".





I guess things from "the top of my head" shouldnt be used in productioncode
I thought this article was so old and outdated that noone even would read it... I've stopped using this function years ago. MD5 and SHA works fine for me.

Hey! Stop reading my signature... stop it!
hmm... you're still reading it...





Although I can't think of why I would use this in Perl, I decided on a whim to port it to Perl (as it is my programming language of choice and want to provide others with it as well). Most DB (and most particularly MySQL) provide encryption functions, and I would recommend using them over anything else, unless there are known issues with it.
As the Perl code is intended to produce the same result as the vbscript code, I had to make a few modifications. Namely, the modulus (%) function in Perl does not round up as it appears the vbscript mod function does, so I go have to go the long way to get the remainder (rounded up as needed). Secondly, Perl strings are 0 indexed, so I had to do some tweaking there to get the letters in the same order as the vbscript. Again, all this is because the desire is to produce the same result as the vbscript.
Anyway, without further ado, the Perl script:
sub encrypt {
my $input1 = shift;
my $input2 = shift;
my $lenInput1 = length($input1);
my $lenInput2 = length($input2);
my $s = "";
my $t = 0;
# Loop through the first input #
for (my $i = 0; $i < $lenInput1; $i++) {
$t += ord(substr($input1, $i, 1));
}
# Loop through the second input field #
for (my $i = 0; $i < $lenInput2; $i++) {
# Get this character #
my $thisChar = substr($input2, $i, 1);
# Get the next character #
my $nextChar;
my $nextCharPos = ($i + 1) % $lenInput2 + 1;
if ($nextCharPos >= $lenInput2) {
$nextChar = substr($input2, 0, 1);
} else {
$nextChar = substr($input2, $nextCharPos, 1);
}
# Calculate the value of y #
my $y = ($t + ord($thisChar) * ord($nextChar)) % 255;
# Append the chr of y to s #
$s .= chr($y)
}
# Pad as needed #
$t = 598.8 if ($t > 598.8);
for (my $i = ($lenInput2 + 1); $i <= 10; $i++) {
my $d = $t**3 * $i / 255;
$d = $1 if ($d =~ /^(\d*)\.?.*/);
my $n = ($t**3 * $i)  ($d * 255);
my $y = $1 if ($n =~ /^(\d*)\.?.*/);
my $r = $1 if ($n =~ /\d*\.(\d).*/);
$y++ if ($r > 4);
$s .= chr($y);
}
return ($s);
}
Lacking evidence of existence is not proof of nonexistence.





If the return value of the encrypt function contains a null then the assignment fails. The characters following the null is ignored. For example: I have a code like this. newpwd = encrypt("ic","ic") Response.Write newpwd The above code only writes "<f3"
I have changed my code like newpwd = Replace((newpwd),chr(0),"") and got the correct result:<f3Ì™f3
v





Somehow this wont work
I got a login page and the page I want protected with the password. When I make this code with the function:
The login page contains a form etc like in the article with this line added: <% Session("loginhash") = encrypt(request.form("name"),request.form("pass")) %>
And the other file contains
<% Loginhash = Session("loginhash") HashCheck = Instellingen("password") If Loginhash = HashCheck then loggedin = True else loggedin = False end if %> Logged in: <% =loggedin %>
But the value of 'loggedin' is *ALWAYS* False even when the 2 variables match [ checked with response.write() ]
How come¿





This might sounds like a really weirds answer but use the code located here instead:
http://pajhome.org.uk/crypt/md5/

Hey! Stop reading my signature... stop it!
hmm... you're still reading it...





Hmzz, altho I rather wont use javascript I'll give it a try.
Im just wondering WHY it wont work, is it the special characters you get in this algorithm cant be compared in ASP¿ Or is there another thing why you cant compare such strings with eachother¿





I think it might be the special characters in the result...
Its possible to change the function to span over only normal characters, but I dont use that function any longer.
I havent deleted the article though. Its ok for reading how it can be done and to get your own ideas.
There is MD5 for asp too...
Lets see if its pastable:
<%
Private Const BITS_TO_A_BYTE=8
Private Const BYTES_TO_A_WORD=4
Private Const BITS_TO_A_WORD=32
Private m_lOnBits(30)
Private m_l2Power(30)
m_lOnBits(0)=CLng(1)
m_lOnBits(1)=CLng(3)
m_lOnBits(2)=CLng(7)
m_lOnBits(3)=CLng(15)
m_lOnBits(4)=CLng(31)
m_lOnBits(5)=CLng(63)
m_lOnBits(6)=CLng(127)
m_lOnBits(7)=CLng(255)
m_lOnBits(8)=CLng(511)
m_lOnBits(9)=CLng(1023)
m_lOnBits(10)=CLng(2047)
m_lOnBits(11)=CLng(4095)
m_lOnBits(12)=CLng(8191)
m_lOnBits(13)=CLng(16383)
m_lOnBits(14)=CLng(32767)
m_lOnBits(15)=CLng(65535)
m_lOnBits(16)=CLng(131071)
m_lOnBits(17)=CLng(262143)
m_lOnBits(18)=CLng(524287)
m_lOnBits(19)=CLng(1048575)
m_lOnBits(20)=CLng(2097151)
m_lOnBits(21)=CLng(4194303)
m_lOnBits(22)=CLng(8388607)
m_lOnBits(23)=CLng(16777215)
m_lOnBits(24)=CLng(33554431)
m_lOnBits(25)=CLng(67108863)
m_lOnBits(26)=CLng(134217727)
m_lOnBits(27)=CLng(268435455)
m_lOnBits(28)=CLng(536870911)
m_lOnBits(29)=CLng(1073741823)
m_lOnBits(30)=CLng(2147483647)
m_l2Power(0)=CLng(1)
m_l2Power(1)=CLng(2)
m_l2Power(2)=CLng(4)
m_l2Power(3)=CLng(8)
m_l2Power(4)=CLng(16)
m_l2Power(5)=CLng(32)
m_l2Power(6)=CLng(64)
m_l2Power(7)=CLng(128)
m_l2Power(8)=CLng(256)
m_l2Power(9)=CLng(512)
m_l2Power(10)=CLng(1024)
m_l2Power(11)=CLng(2048)
m_l2Power(12)=CLng(4096)
m_l2Power(13)=CLng(8192)
m_l2Power(14)=CLng(16384)
m_l2Power(15)=CLng(32768)
m_l2Power(16)=CLng(65536)
m_l2Power(17)=CLng(131072)
m_l2Power(18)=CLng(262144)
m_l2Power(19)=CLng(524288)
m_l2Power(20)=CLng(1048576)
m_l2Power(21)=CLng(2097152)
m_l2Power(22)=CLng(4194304)
m_l2Power(23)=CLng(8388608)
m_l2Power(24)=CLng(16777216)
m_l2Power(25)=CLng(33554432)
m_l2Power(26)=CLng(67108864)
m_l2Power(27)=CLng(134217728)
m_l2Power(28)=CLng(268435456)
m_l2Power(29)=CLng(536870912)
m_l2Power(30)=CLng(1073741824)
Private Function LShift(lValue,iShiftBits)
If iShiftBits=0 Then
LShift=lValue
Exit Function
ElseIf iShiftBits=31 Then
If lValue And 1 Then
LShift=&H80000000
Else
LShift=0
End If
Exit Function
ElseIf iShiftBits<0 Or iShiftBits>31 Then
Err.Raise 6
End If
If (lValue And m_l2Power(31iShiftBits)) Then
LShift=((lValue And m_lOnBits(31(iShiftBits+1)))*m_l2Power(iShiftBits)) Or &H80000000
Else
LShift=((lValue And m_lOnBits(31iShiftBits))*m_l2Power(iShiftBits))
End If
End Function
Private Function RShift(lValue,iShiftBits)
If iShiftBits=0 Then
RShift=lValue
Exit Function
ElseIf iShiftBits=31 Then
If lValue And &H80000000 Then
RShift=1
Else
RShift=0
End If
Exit Function
ElseIf iShiftBits<0 Or iShiftBits>31 Then
Err.Raise 6
End If
RShift=(lValue And &H7FFFFFFE)\m_l2Power(iShiftBits)
If (lValue And &H80000000) Then
RShift=(RShift Or (&H40000000\m_l2Power(iShiftBits1)))
End If
End Function
Private Function RotateLeft(lValue,iShiftBits)
RotateLeft=LShift(lValue,iShiftBits) Or RShift(lValue,(32iShiftBits))
End Function
Private Function AddUnsigned(lX,lY)
Dim lX4
Dim lY4
Dim lX8
Dim lY8
Dim lResult
lX8=lX And &H80000000
lY8=lY And &H80000000
lX4=lX And &H40000000
lY4=lY And &H40000000
lResult=(lX And &H3FFFFFFF)+(lY And &H3FFFFFFF)
If lX4 And lY4 Then
lResult=lResult Xor &H80000000 Xor lX8 Xor lY8
ElseIf lX4 Or lY4 Then
If lResult And &H40000000 Then
lResult=lResult Xor &HC0000000 Xor lX8 Xor lY8
Else
lResult=lResult Xor &H40000000 Xor lX8 Xor lY8
End If
Else
lResult=lResult Xor lX8 Xor lY8
End If
AddUnsigned=lResult
End Function
Private Function F(x,y,z)
F=(x And y) Or ((Not x) And z)
End Function
Private Function G(x,y,z)
G=(x And z) Or (y And (Not z))
End Function
Private Function H(x,y,z)
H=(x Xor y Xor z)
End Function
Private Function I(x,y,z)
I=(y Xor (x Or (Not z)))
End Function
Private Sub FF(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(F(b,c,d),x),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
Private Sub GG(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(G(b,c,d),x),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
Private Sub HH(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(H(b,c,d),x),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
Private Sub II(a,b,c,d,x,s,ac)
a=AddUnsigned(a,AddUnsigned(AddUnsigned(I(b,c,d),x),ac))
a=RotateLeft(a,s)
a=AddUnsigned(a,b)
End Sub
Private Function ConvertToWordArray(sMessage)
Dim lMessageLength
Dim lNumberOfWords
Dim lWordArray()
Dim lBytePosition
Dim lByteCount
Dim lWordCount
Const MODULUS_BITS=512
Const CONGRUENT_BITS=448
lMessageLength=Len(sMessage)
lNumberOfWords=(((lMessageLength+((MODULUS_BITSCONGRUENT_BITS)\BITS_TO_A_BYTE))\(MODULUS_BITS\BITS_TO_A_BYTE))+1)*(MODULUS_BITS\BITS_TO_A_WORD)
ReDim lWordArray(lNumberOfWords1)
lBytePosition=0
lByteCount=0
Do Until lByteCount >=lMessageLength
lWordCount=lByteCount\BYTES_TO_A_WORD
lBytePosition=(lByteCount Mod BYTES_TO_A_WORD)*BITS_TO_A_BYTE
lWordArray(lWordCount)=lWordArray(lWordCount) Or LShift(Asc(Mid(sMessage,lByteCount+1,1)),lBytePosition)
lByteCount=lByteCount+1
Loop
lWordCount=lByteCount\BYTES_TO_A_WORD
lBytePosition=(lByteCount Mod BYTES_TO_A_WORD)*BITS_TO_A_BYTE
lWordArray(lWordCount)=lWordArray(lWordCount) Or LShift(&H80,lBytePosition)
lWordArray(lNumberOfWords2)=LShift(lMessageLength,3)
lWordArray(lNumberOfWords1)=RShift(lMessageLength,29)
ConvertToWordArray=lWordArray
End Function
Private Function WordToHex(lValue)
Dim lByte
Dim lCount
For lCount=0 To 3
lByte=RShift(lValue,lCount*BITS_TO_A_BYTE) And m_lOnBits(BITS_TO_A_BYTE1)
WordToHex=WordToHex & Right("0" & Hex(lByte),2)
Next
End Function
Public Function MD5(sMessage)
Dim x
Dim k
Dim AA
Dim BB
Dim CC
Dim DD
Dim a
Dim b
Dim c
Dim d
Const S11=7
Const S12=12
Const S13=17
Const S14=22
Const S21=5
Const S22=9
Const S23=14
Const S24=20
Const S31=4
Const S32=11
Const S33=16
Const S34=23
Const S41=6
Const S42=10
Const S43=15
Const S44=21
x=ConvertToWordArray(sMessage)
a=&H67452301
b=&HEFCDAB89
c=&H98BADCFE
d=&H10325476
For k=0 To UBound(x) Step 16
AA=a
BB=b
CC=c
DD=d
FF a,b,c,d,x(k+0),S11,&HD76AA478
FF d,a,b,c,x(k+1),S12,&HE8C7B756
FF c,d,a,b,x(k+2),S13,&H242070DB
FF b,c,d,a,x(k+3),S14,&HC1BDCEEE
FF a,b,c,d,x(k+4),S11,&HF57C0FAF
FF d,a,b,c,x(k+5),S12,&H4787C62A
FF c,d,a,b,x(k+6),S13,&HA8304613
FF b,c,d,a,x(k+7),S14,&HFD469501
FF a,b,c,d,x(k+8),S11,&H698098D8
FF d,a,b,c,x(k+9),S12,&H8B44F7AF
FF c,d,a,b,x(k+10),S13,&HFFFF5BB1
FF b,c,d,a,x(k+11),S14,&H895CD7BE
FF a,b,c,d,x(k+12),S11,&H6B901122
FF d,a,b,c,x(k+13),S12,&HFD987193
FF c,d,a,b,x(k+14),S13,&HA679438E
FF b,c,d,a,x(k+15),S14,&H49B40821
GG a,b,c,d,x(k+1),S21,&HF61E2562
GG d,a,b,c,x(k+6),S22,&HC040B340
GG c,d,a,b,x(k+11),S23,&H265E5A51
GG b,c,d,a,x(k+0),S24,&HE9B6C7AA
GG a,b,c,d,x(k+5),S21,&HD62F105D
GG d,a,b,c,x(k+10),S22,&H2441453
GG c,d,a,b,x(k+15),S23,&HD8A1E681
GG b,c,d,a,x(k+4),S24,&HE7D3FBC8
GG a,b,c,d,x(k+9),S21,&H21E1CDE6
GG d,a,b,c,x(k+14),S22,&HC33707D6
GG c,d,a,b,x(k+3),S23,&HF4D50D87
GG b,c,d,a,x(k+8),S24,&H455A14ED
GG a,b,c,d,x(k+13),S21,&HA9E3E905
GG d,a,b,c,x(k+2),S22,&HFCEFA3F8
GG c,d,a,b,x(k+7),S23,&H676F02D9
GG b,c,d,a,x(k+12),S24,&H8D2A4C8A
HH a,b,c,d,x(k+5),S31,&HFFFA3942
HH d,a,b,c,x(k+8),S32,&H8771F681
HH c,d,a,b,x(k+11),S33,&H6D9D6122
HH b,c,d,a,x(k+14),S34,&HFDE5380C
HH a,b,c,d,x(k+1),S31,&HA4BEEA44
HH d,a,b,c,x(k+4),S32,&H4BDECFA9
HH c,d,a,b,x(k+7),S33,&HF6BB4B60
HH b,c,d,a,x(k+10),S34,&HBEBFBC70
HH a,b,c,d,x(k+13),S31,&H289B7EC6
HH d,a,b,c,x(k+0),S32,&HEAA127FA
HH c,d,a,b,x(k+3),S33,&HD4EF3085
HH b,c,d,a,x(k+6),S34,&H4881D05
HH a,b,c,d,x(k+9),S31,&HD9D4D039
HH d,a,b,c,x(k+12),S32,&HE6DB99E5
HH c,d,a,b,x(k+15),S33,&H1FA27CF8
HH b,c,d,a,x(k+2),S34,&HC4AC5665
II a,b,c,d,x(k+0),S41,&HF4292244
II d,a,b,c,x(k+7),S42,&H432AFF97
II c,d,a,b,x(k+14),S43,&HAB9423A7
II b,c,d,a,x(k+5),S44,&HFC93A039
II a,b,c,d,x(k+12),S41,&H655B59C3
II d,a,b,c,x(k+3),S42,&H8F0CCC92
II c,d,a,b,x(k+10),S43,&HFFEFF47D
II b,c,d,a,x(k+1),S44,&H85845DD1
II a,b,c,d,x(k+8),S41,&H6FA87E4F
II d,a,b,c,x(k+15),S42,&HFE2CE6E0
II c,d,a,b,x(k+6),S43,&HA3014314
II b,c,d,a,x(k+13),S44,&H4E0811A1
II a,b,c,d,x(k+4),S41,&HF7537E82
II d,a,b,c,x(k+11),S42,&HBD3AF235
II c,d,a,b,x(k+2),S43,&H2AD7D2BB
II b,c,d,a,x(k+9),S44,&HEB86D391
a=AddUnsigned(a,AA)
b=AddUnsigned(b,BB)
c=AddUnsigned(c,CC)
d=AddUnsigned(d,DD)
Next
MD5=LCase(WordToHex(a) & WordToHex(b) & WordToHex(c) & WordToHex(d))
End Function
%>

Hey! Stop reading my signature... stop it!
hmm... you're still reading it...









"
Tommy live in Tromsø, a city far up north in Norway. He does programming and webdevelopment for a living. He is married and has one son (as of february 2002).
"
As of February 2002? Have I been stuck in some time warp? Aren't we still in January 2002??
Sorry, I had to ask...





Oz wrote:
As of February 2002? Have I been stuck in some time warp?
Yes you have... LOL!
Hehehe.... Rofl
This is my signature...





Do you have any proof that this is indeed a oneway algorithm? Sure, I can't spot a way of reversing it easily and maybe neither can you, but that doesn't guarantee the security of the encryption.





Sorry, no I don't.
I ripped it from a Visual Foxpro application, and the author of the code in VFP claims it is similar to the one used in unix to preserve the password.
But, consider using an encryption instead of none, because the passwords may fall into the wrong hands, and then there is no way of telling if that person is an advanced hacker or not.
As mentioned in the article, this is not stateoftheart encryption, just a neat and quick way to hide the passwords...
;D





I would recommend you to use a well known
secure hash function like SHA1.
I googled for 5 seconds and found:
http://www.planetsourcecode.com/vb/scripts/ShowCode.asp?lngWId=4&txtCodeId=6545
PS. SHA1 in Javascript
http://pajhome.org.uk/crypt/md5/
DS.





isn't it? In VB.NET:
Imports System.Web.Security
FormsAuthentication.HashPasswordForStoringInConfigFile("MySecretPassword", "sha1")
I use that for storing user passwords on my server.
/I need a signature I guess






Hi
If you use this function and find bugs, please post changes in this thread or some other thread related to this article.
Thanks, and good luck programming!





In the final fornext loop, the value of t is not changed, so the "If t>598.8 Then t = 598.8" line can be move outside the loop, so it's executed only once.
Truth,
James






Further, "t^3" is a constant, so that should be calculated outside the loop as well. That makes the final loop:
If t>598.8 Then t = 598.8 ttt = t*t*t ' probably faster than t^3 For i = (len(x2) + 1) to 10 y = (ttt*i) mod 255 s = s & chr(y) Next
Truth, James





Ok. Maybe that would be better. But why would t*t*t be faster than t^3?





VBScript is like many other script languages executed in an interpreter. So that the time overhead in t*t*t is likly to be greater then the use of the fpu. Especially because of todays out of order execution. But what ever you use in this line. It isn't measureable because it's executed only once.
Ciao Matthias Mann





Use this tweaked and updated function code instead of the one in the article:
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
t = t mod 598
For i = 1 to len(x2)  1
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,i+1,1))
s = s & chr(y mod 255)
Next
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,0,1))
s = s & chr(y mod 255)
ttt = t*t*t
For i = (len(x2) + 1) to 10
y = ttt*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
Thanks to James Curran for the contribution!





there is some problem with this updated code....
obiviously whats here is not been tested out for syntax error and stuff..
however, the initial version of the encrypt function works ok.
i see two things wrong in line 12 (y=(t+.... ) as shown below:
1) It does not have all the ending brackets accounted for.
2) Mid function can not take 0 as second argument. It has to be 1 or something >0 but less then the length of x2.
can you please review the updated version and repost it
thanks






encrypt( "ADA", "16060" ) => empty password







General News Suggestion Question Bug Answer Joke Praise Rant Admin Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

