By , 19 Jan 2002

## Introduction

Do you have a website where users need to login, and when they do you compare the password they enter with a column in a usertable? Some people do logins like this. It's easy to program and it works just fine. But what if someone got hold of the usertable and all the passwords of everyone? You may want to hide or encrypt the passwords in the usertable. Many programming languages have functions to do this. I make ASP-webpages, and I haven't found any quick functions to do this. There are plenty of components to do this, some free of charge even. But what if you cant install components on the webserver

Here is a short and neat way to encrypt your users passwords. You need two strings for it to work. Typically the username and the password.

## Code

```Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
If t>598.8 Then t = 598.8
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function```

If you want to test this function you can create an asp-page and upload it to your website. Here's my codelisting to encrypt.asp

```<%
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
If t>598.8 Then t = 598.8
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
%>

<html>
<title>Encrypt</title>

<body>
<% If request.form("name") = "" Then %>
<form action="encrypt.asp" method="post">
<input type="text" name="name"><input type="text" name="pass">
<input type="submit">
</form>
<% Else  %>
<% response.write encrypt(request.form("name"),request.form("pass")) %>
<% End If %>
</body>
</html>```

## Remarks

• The function is not reversible, so there is no way to take the result and reverse it into the password. You will need to recreate the password with a new one (some users seem to forget their passwords and always wants it retreieved)
• This is not a high-level encryption, but its good enough to hide it from lame hackers (hehe).
• The password is always sent from the user inputpage to the page encrypting it. Somewhere in between a hacker can fetch it. Secure zones (SSL) can remedy this.
• Feel free to use the code to whatever you like. But if you alter it make a post in the thread related to this article so we all can share the fun.

A list of licenses authors might use can be found here

 tommy skaue Web Developer Norway Member
Tommy live in Tromsø, a city far up north in Norway. He does programming and webdevelopment for a living.

Votes of 3 or less require a comment

 Search this forum Profile popups    Spacing RelaxedCompactTight   Noise Very HighHighMediumLowVery Low   Layout Open AllThread ViewNo JavascriptPreview   Per page 102550
 First PrevNext
 Encrypt & Decrypt string [modified] c2love 14 Nov '07 - 16:14
 When I use the function to encrypt "023 882 211" the result is "uYcQz0Pdr+y/T7GSP+2EavUFt7NhtbjO87Hgv81vBqU=" When I decrypt it back the result is "023 882 211".   Now I don't know how get the function back   Anybody can help me to write the function that can encrypt and decrypt this example   Thank you   C2love Network   -- modified at 7:46 Friday 16th November, 2007 Sign In·View Thread·Permalink
 Re: Encrypt & Decrypt string tommy skaue 14 Nov '07 - 21:43
 sorry mate... no decryption available, hence the articlename "Encrypting passwords..."   If I remember correctly, the code removes content from the output so in other words, reversing the process would be "impossible". Now, you may notice that I'm reluctant to say impossible, but I really don't think this script can be decrypted without guessing the missing content.   ------------------------------------------ Hey! Stop reading my signature... stop it! hmm... you're still reading it... Sign In·View Thread·Permalink
 encrypt & decrypt password red-apple 11 Aug '07 - 0:04
 Re: encrypt & decrypt password tommy skaue 11 Aug '07 - 2:56
 Haven't seen any free encrypt & decrypt scripts for classic asp (yet). But I wouldn't be surprised if you found on if you google for it.   ------------------------------------------ Hey! Stop reading my signature... stop it! hmm... you're still reading it... Sign In·View Thread·Permalink
 Re: encrypt & decrypt password kenbhavin 13 May '08 - 21:18
 Re: encrypt & decrypt password kenbhavin 13 May '08 - 21:16
 one small change guildwyn 24 Dec '06 - 11:17
 As I'm writing the encrypted result out to a database enclosed in single quotes, I thought it would be best to exclude single quotes from the possible results of the algorithm. I did this with   `if (chr(y) <> "'") then s = s & chr(y)`   in two places. Sign In·View Thread·Permalink
 How to decrypt?? ShunHung 14 Jul '05 - 17:11
 Re: How to decrypt?? Christian Graus 14 Jul '05 - 17:47
 To quote the article :   The function is not reversible, so there is no way to take the result and reverse it into the password. You will need to recreate the password with a new one (some users seem to forget their passwords and always wants it retreieved)   Christian Graus - Microsoft MVP - C++ Sign In·View Thread·Permalink
 modification of this code Anonymous 2 Sep '04 - 14:24
 can any1 show me a modified version of this code where the encryption of the words are jus the next alphabetical character of the actual strings?   eg. website = xfctjuf   thanks Sign In·View Thread·Permalink
 Last Visit: 31 Dec '99 - 18:00     Last Update: 24 May '13 - 0:26 Refresh 1234 Next »