13,052,351 members (50,183 online)
alternative version

#### Stats

203.2K views
54 bookmarked
Posted 19 Jan 2002

, 19 Jan 2002
 Rate this:

## Introduction

Do you have a website where users need to login, and when they do you compare the password they enter with a column in a usertable? Some people do logins like this. It's easy to program and it works just fine. But what if someone got hold of the usertable and all the passwords of everyone? You may want to hide or encrypt the passwords in the usertable. Many programming languages have functions to do this. I make ASP-webpages, and I haven't found any quick functions to do this. There are plenty of components to do this, some free of charge even. But what if you cant install components on the webserver

Here is a short and neat way to encrypt your users passwords. You need two strings for it to work. Typically the username and the password.

## Code

```Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
If t>598.8 Then t = 598.8
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function```

If you want to test this function you can create an asp-page and upload it to your website. Here's my codelisting to encrypt.asp

```<%
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
If t>598.8 Then t = 598.8
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
%>

<html>
<title>Encrypt</title>

<body>
<% If request.form("name") = "" Then %>
<form action="encrypt.asp" method="post">
<input type="text" name="name"><input type="text" name="pass">
<input type="submit">
</form>
<% Else  %>
<% response.write encrypt(request.form("name"),request.form("pass")) %>
<% End If %>
</body>
</html>```

## Remarks

• The function is not reversible, so there is no way to take the result and reverse it into the password. You will need to recreate the password with a new one (some users seem to forget their passwords and always wants it retreieved)
• This is not a high-level encryption, but its good enough to hide it from lame hackers (hehe).
• The password is always sent from the user inputpage to the page encrypting it. Somewhere in between a hacker can fetch it. Secure zones (SSL) can remedy this.
• Feel free to use the code to whatever you like. But if you alter it make a post in the thread related to this article so we all can share the fun.

A list of licenses authors might use can be found here

## Share

 Web Developer Norway
Tommy live in Tromsø, a city far up north in Norway. He does programming and webdevelopment for a living.

## You may also be interested in...

 First Prev Next
 Overflow exception Member 304391912-Jul-16 7:00 Member 3043919 12-Jul-16 7:00
 Encrypt & Decrypt string [modified] c2love14-Nov-07 16:14 c2love 14-Nov-07 16:14
 Re: Encrypt & Decrypt string tommy skaue14-Nov-07 21:43 tommy skaue 14-Nov-07 21:43
 encrypt & decrypt password red-apple11-Aug-07 0:04 red-apple 11-Aug-07 0:04
 Re: encrypt & decrypt password tommy skaue11-Aug-07 2:56 tommy skaue 11-Aug-07 2:56
 Re: encrypt & decrypt password kenbhavin13-May-08 21:18 kenbhavin 13-May-08 21:18
 Re: encrypt & decrypt password kenbhavin13-May-08 21:16 kenbhavin 13-May-08 21:16
 one small change guildwyn24-Dec-06 11:17 guildwyn 24-Dec-06 11:17
 How to decrypt?? ShunHung14-Jul-05 17:11 ShunHung 14-Jul-05 17:11
 Re: How to decrypt?? Christian Graus14-Jul-05 17:47 Christian Graus 14-Jul-05 17:47
 modification of this code Anonymous2-Sep-04 14:24 Anonymous 2-Sep-04 14:24
 Re: modification of this code tommy skaue2-Sep-04 21:13 tommy skaue 2-Sep-04 21:13
 Re: modification of this code kryzchek18-May-05 7:40 kryzchek 18-May-05 7:40
 Re: modification of this code tommy skaue18-May-05 10:30 tommy skaue 18-May-05 10:30
 Same function ported to Perl soffen21-Nov-03 7:55 soffen 21-Nov-03 7:55
 Return value of Encrypt Function Ven Yetukuri3-Mar-03 8:54 Ven Yetukuri 3-Mar-03 8:54
 It wont work this way StarLite28-Jan-03 9:19 StarLite 28-Jan-03 9:19
 Re: It wont work this way tommy skaue28-Jan-03 21:14 tommy skaue 28-Jan-03 21:14
 Re: It wont work this way Anonymous29-Jan-03 3:34 Anonymous 29-Jan-03 3:34
 Re: It wont work this way tommy skaue29-Jan-03 20:59 tommy skaue 29-Jan-03 20:59
 its a pretty good article Horatiu CRISTEA31-Jan-02 23:30 Horatiu CRISTEA 31-Jan-02 23:30
 from what i see this is a pretty good artible about password encription. usualy a good security is done almost like this. the most popular way is using a one way hash function on a string which is composed from the password and another randomly generated string. for example u have the strPassword = "password" and the strRandom = "JHG23HG42L" the method is doing an encrypt on (strPassword & strRandom) and the resulting lets say 64 characters encrypted string is written in the DB. if a hacker got ur DB he probably got ur .asp file where u have implemented ur encrypt function. so he could get an huge dictionary and run ur encrypt function on each dictionary word and look for a match and this is something that u cant prevent only by making it longer for him to find the match ur article is good --------------- Horatiu CRISTEA
 Re: its a pretty good article tommy skaue1-Feb-02 0:18 tommy skaue 1-Feb-02 0:18
 Re: its a pretty good article Horatiu CRISTEA1-Feb-02 2:18 Horatiu CRISTEA 1-Feb-02 2:18
 Re: its a pretty good article tommy skaue1-Feb-02 2:18 tommy skaue 1-Feb-02 2:18
 Tommy's son (off-topic) Oz22-Jan-02 3:29 Oz 22-Jan-02 3:29
 Re: Tommy's son (off-topic) tommy skaue22-Jan-02 3:32 tommy skaue 22-Jan-02 3:32
 Security of the algorithm John Rayner21-Jan-02 1:24 John Rayner 21-Jan-02 1:24
 Re: Security of the algorithm skaue21-Jan-02 2:34 skaue 21-Jan-02 2:34
 Re: Security of the algorithm Jonas Elfstrom29-Jan-02 22:41 Jonas Elfstrom 29-Jan-02 22:41
 hashing is already in asp.net Johan Danforth10-Jan-03 1:10 Johan Danforth 10-Jan-03 1:10
 Re: hashing is already in asp.net tommy skaue10-Jan-03 1:14 tommy skaue 10-Jan-03 1:14
 A note from the author skaue21-Jan-02 1:16 skaue 21-Jan-02 1:16
 Re: A note from the author James Curran21-Jan-02 2:42 James Curran 21-Jan-02 2:42
 Re: A note from the author skaue21-Jan-02 2:50 skaue 21-Jan-02 2:50
 Re: A note from the author James Curran21-Jan-02 2:49 James Curran 21-Jan-02 2:49
 Re: A note from the author skaue21-Jan-02 2:56 skaue 21-Jan-02 2:56
 Re: A note from the author Matthias Mann21-Jan-02 7:32 Matthias Mann 21-Jan-02 7:32
 Re: UPDATED CODE skaue21-Jan-02 4:53 skaue 21-Jan-02 4:53