
Password encryption methods in classic ASP [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.


Closed 4 years ago.


I am looking for a method to encrypt/decrypt a password in classic ASP. Can someone please suggest which method is good to go with and what the possible ways are to do this in classic ASP?


You can download this free Classic ASP/VBScript script here which encrypts a string to SHA-256, an industry standard one-way hash function:

http://www.freevbcode.com/ShowCode.asp?ID=2565

Most people don't decrypt a password once it has been encrypted. The idea is to store a non-reversible, encrypted password in your DB, which in turn stops an attacker reading passwords if they manage to get to your DB. When somebody enters a password, you encrypt the user's input and match it against the encrypted password in the DB.

But hashing alone is not secure enough. You have to add a SALT value to the password you want to hash, to make it unbreakable. Salt should be a random but unique password that gets added to the password before hashing, for example:

password = Request("password")
salt = "2435uhu34hi34"
myHashedPassword = SHA256_function(password&salt)


I've created a class of functions for hashing passwords in Classic ASP. As well as a standard hashing function that uses MD5, SHA1, SHA256, SHA384 or SHA512 and an auto-generated salt and optional pepper, there's also support for Argon2, Bcrypt and PBKDF2.

The standard hashing function should work on most shared hosting servers; the rest require the installation of COM DLLs which I have created and uploaded to GitHub. Everything is outlined and demonstrated in this repository:

https://github.com/as08/ClassicASP.PasswordHashing


I created a COM-interop DLL for this exact task--Classic ASP Password Hashing. Simply build, register the DLL and call it from ASP. This is an early working version using AES256, I plan to add additional algorithm support in the future.

https://github.com/kingdango/SaltedHashPassword

Suggestions welcome!

Classic ASP Code Example

newPassword = "whatever-the-user-typed"

set passwordGenerator = Server.createObject("Kingdango.SaltedHashPassword.PasswordHash")
passwordGenerator.Password = newPassword
newPasswordSaltedHash = passwordGenerator.GetHashedPassword()
newPasswordSalt = passwordGenerator.Salt


Looking for the same thing. This whole concept of hashing passwords made me realize that some major websites out there must be using a decrypt method as well. How else can they email a lost password if they do not keep it in either clear text or have a method of decrypting it?

Edit: I think I found an answer here—database column-level encryption.
