RC4 encryption algo bit level question

Hi Experts,

I am using the functions below to provide an RC4 encryption to some sensitive fields in a website. I have the following question:

On the following line:

dim ET_RC4_40bitKey : ET_RC4_40bitKey="s0W3a" '*** Only 5 characters allowed in UK (40-bit encryption law)

The 40 bit key is defined. It appears to me that the encryption level is set at 40 bit because there are five characters in the encryption key. Is this correct? And if so, how do I increase the encryption to 128 bit?

Basically I am trying to work out the formula for #characters to encryption bit level.


Any ideas?

Thanks,

PJORDANNA

'*** Arrays for the RC4 Encryptions algorithms
Dim RC4_sbox(255)
Dim RC4_keyArray(255)
dim ET_RC4_40bitKey : ET_RC4_40bitKey="s0W3a" '*** Only 5 characters allowed in UK (40-bit encryption law)

Sub RC4Initialize(strPwd)
'**** This routine called by RC4EnDeCrypt function. Initializes the RC4_sbox and the RC4_keyArray array.

   dim tempSwap
   dim a
   dim b

   intLength = len(strPwd)
   For a = 0 To 255
      RC4_keyArray(a) = asc(mid(strpwd, (a mod intLength)+1, 1))
      RC4_sbox(a) = a
   next

   b = 0
   For a = 0 To 255
      b = (b + RC4_sbox(a) + RC4_keyArray(a)) Mod 256
      tempSwap = RC4_sbox(a)
      RC4_sbox(a) = RC4_sbox(b)
      RC4_sbox(b) = tempSwap
   Next
End Sub

Function RC4EnDeCrypt(plaintxt, psw)
      '*** Performs the encryption/decryption
      '*** Note using more than a 5 character password would be illegal in the UK - only 40 bit encryption allowed
   dim temp
   dim a
   dim i
   dim j
   dim k
   dim cipherby
   dim cipher

   i = 0
   j = 0

   RC4Initialize psw

   For a = 1 To Len(plaintxt)
      i = (i + 1) Mod 256
      j = (j + RC4_sbox(i)) Mod 256
      temp = RC4_sbox(i)
      RC4_sbox(i) = RC4_sbox(j)
      RC4_sbox(j) = temp

      k = RC4_sbox((RC4_sbox(i) + RC4_sbox(j)) Mod 256)

      cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
      cipher = cipher & Chr(cipherby)
   Next

   RC4EnDeCrypt = cipher

End Function

function charStrToHexCodes(charStr) '*** generates a hex byte string from a character string
      charStrToHexCodes=""
      for qq = 1 to len(charStr)
            charStrToHexCodes=charStrToHexCodes & right(string(2,"0") & hex(asc(mid(charStr, qq, 1))),2)                   
      next
end function

function hexCodesToCharStr(hexCodes) '*** generates a character string from a hex byte string
      dim i
      hexCodesToCharStr=""
      if len(hexCodes)/2 <> Int(len(hexCodes)/2) then exit function
      for i=1 to len(hexCodes)-1 step 2
            hexCodesToCharStr=hexCodesToCharStr&Chr(hexByteToDecimal(Mid(hexCodes,i,2)))
      next
end function

function hexDigitToDecimal(digit) '*** Converts a single hex digit to decimal, returns -1 if not possible
      select case digit
      case "0","1","2","3","4","5","6","7","8","9"
            hexDigitToDecimal=CInt(digit)
      case "A","a"
            hexDigitToDecimal=10
      case "B","b"
            hexDigitToDecimal=11
      case "C","c"
            hexDigitToDecimal=12
      case "D","d"
            hexDigitToDecimal=13
      case "E","e"
            hexDigitToDecimal=14
      case "F","f"
            hexDigitToDecimal=15
      case else
            hexDigitToDecimal=-1
      end select
end function

function hexByteToDecimal(byteStr) '*** Converts a hex byte to decimal, returns -1 if not possible
      if (len(byteStr)<>2 or hexDigitToDecimal(Left(byteStr,1))=-1 or hexDigitToDecimal(Right(byteStr,1))=-1) then
            hexByteToDecimal=-1
            exit function
      end if
      hexByteToDecimal=hexDigitToDecimal(Left(byteStr,1))*16+hexDigitToDecimal(Right(byteStr,1))
end function
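
Added example (not part of the original post or its code): the same RC4 key schedule and keystream loop in JavaScript, showing that the nominal key size is 8 bits per key byte, so 5 characters give 40 bits and 16 give 128, while a key typed from printable characters carries fewer than 8 bits per character. The function names, the sample keys and the alphabet sizes (256 raw bytes, 95 printable ASCII, 62 alphanumeric) are assumptions chosen for illustration.

```javascript
// Added example: RC4 key length in characters versus key size in bits.
// All inputs below are constructed; the key "s0W3a" is the one quoted in the post.

// Convert a string of single-byte characters to bytes, as Asc() does in the post.
function asciiBytes(str) {
  const out = new Uint8Array(str.length);
  for (let i = 0; i < str.length; i++) {
    const c = str.charCodeAt(i);
    if (c > 255) throw new RangeError("non single-byte character at index " + i);
    out[i] = c;
  }
  return out;
}

// Key schedule (the RC4Initialize step): the key bytes are repeated to fill
// 256 positions, so every key byte, up to 256 of them, shapes the permutation.
function rc4Init(keyBytes) {
  if (keyBytes.length < 1 || keyBytes.length > 256) {
    throw new RangeError("RC4 key must be 1 to 256 bytes");
  }
  const S = new Uint8Array(256);
  for (let i = 0; i < 256; i++) S[i] = i;
  for (let i = 0, j = 0; i < 256; i++) {
    j = (j + S[i] + keyBytes[i % keyBytes.length]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
  }
  return S;
}

// Keystream generation and XOR; the same call encrypts and decrypts.
function rc4(keyStr, dataBytes) {
  const S = rc4Init(asciiBytes(keyStr));
  const out = new Uint8Array(dataBytes.length);
  for (let n = 0, i = 0, j = 0; n < dataBytes.length; n++) {
    i = (i + 1) & 0xff;
    j = (j + S[i]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
    out[n] = dataBytes[n] ^ S[(S[i] + S[j]) & 0xff];
  }
  return out;
}

// Upper-case hex, two digits per byte, like charStrToHexCodes in the post.
function toHex(bytes) {
  return Array.from(bytes, b => b.toString(16).toUpperCase().padStart(2, "0")).join("");
}

// Nominal key size: 8 bits for each byte of key material.
function nominalBits(keyStr) {
  return 8 * asciiBytes(keyStr).length;
}

// Upper bound on the guessing work, in bits, for a key of nChars characters
// picked uniformly at random from an alphabet of alphabetSize symbols.
function effectiveBits(nChars, alphabetSize) {
  return nChars * Math.log2(alphabetSize);
}

// Characters needed to reach targetBits with a given alphabet.
function charsNeeded(targetBits, alphabetSize) {
  return Math.ceil(targetBits / Math.log2(alphabetSize) - 1e-9);
}

// Stand-alone demonstration.
console.log("nominal bits, 5-char key :", nominalBits("s0W3a"));
console.log("nominal bits, 16-char key:", nominalBits("0123456789abcdef"));
console.log("effective bits, 5 printable chars:", effectiveBits(5, 95).toFixed(1));
console.log("chars for 128 bits (raw bytes / printable / alphanumeric):",
  charsNeeded(128, 256), charsNeeded(128, 95), charsNeeded(128, 62));
console.log("RC4('Key', 'Plaintext') =", toHex(rc4("Key", asciiBytes("Plaintext"))));
```
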
cjinsocal581Commented:
You will want to use the MD5 Hash. Here is some code to get you started:

Here is the Login Page:
___________________________________________________
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX">
      <title>Project Management Login</title>      
</head>
<%
Response.IsClientConnected
%>
<body>            

<table border="1" width="100%" id="table1" bordercolorlight="#000000" cellspacing="0" cellpadding="2" bordercolordark="#000000">
      <tr>
            <form method="POST" action="loginvalidate_sha256.asp" name="form1">
                  <td>
                  <p align="center"><b><font size="2" face="Verdana">Admin Login</font></b></p>
                  <div align="center">
                  <table border="0" width="30%" id="table2">
                        <tr>
                              <td width="129"><font size="2" face="Verdana">Login:</font></td>
                              <td width="130"><font face="Verdana"><input type="text" name="txtLogin" size="20" tabindex="1"></font></td>
                        </tr>
                        <tr>
                              <td width="129"><font size="2" face="Verdana">Password:</font></td>
                              <td width="130">
                              <font face="Verdana">
                              &nbsp;<input type="password" name="md5" size="20" tabindex="2"></font></td>
                        </tr>
                        <tr>
                              <td width="129">
                              <p align="center">
    <font face="Verdana">
    <input type="submit" value="Login" name="B1" tabindex="3"></font></td>
                              <td width="130">
    <font face="Verdana">
    <input type="reset" value="Clear Fields" name="B2" tabindex="4"></font></td>
                        </tr>
                        </table>
                        </div>
                  </td>
            </form>
      </tr>
</table>
</body>
</html>
_________________________________________________________________
the page to validate it: loginvalidate_sha256.asp
_________________________________________________________________
<%
strPass = Trim(request.form("md5"))

Private m_lOnBits(30)
Private m_l2Power(30)
Private K(63)

Private Const BITS_TO_A_BYTE = 8
Private Const BYTES_TO_A_WORD = 4
Private Const BITS_TO_A_WORD = 32

m_lOnBits(0) = CLng(1)
m_lOnBits(1) = CLng(3)
m_lOnBits(2) = CLng(7)
m_lOnBits(3) = CLng(15)
m_lOnBits(4) = CLng(31)
m_lOnBits(5) = CLng(63)
m_lOnBits(6) = CLng(127)
m_lOnBits(7) = CLng(255)
m_lOnBits(8) = CLng(511)
m_lOnBits(9) = CLng(1023)
m_lOnBits(10) = CLng(2047)
m_lOnBits(11) = CLng(4095)
m_lOnBits(12) = CLng(8191)
m_lOnBits(13) = CLng(16383)
m_lOnBits(14) = CLng(32767)
m_lOnBits(15) = CLng(65535)
m_lOnBits(16) = CLng(131071)
m_lOnBits(17) = CLng(262143)
m_lOnBits(18) = CLng(524287)
m_lOnBits(19) = CLng(1048575)
m_lOnBits(20) = CLng(2097151)
m_lOnBits(21) = CLng(4194303)
m_lOnBits(22) = CLng(8388607)
m_lOnBits(23) = CLng(16777215)
m_lOnBits(24) = CLng(33554431)
m_lOnBits(25) = CLng(67108863)
m_lOnBits(26) = CLng(134217727)
m_lOnBits(27) = CLng(268435455)
m_lOnBits(28) = CLng(536870911)
m_lOnBits(29) = CLng(1073741823)
m_lOnBits(30) = CLng(2147483647)

m_l2Power(0) = CLng(1)
m_l2Power(1) = CLng(2)
m_l2Power(2) = CLng(4)
m_l2Power(3) = CLng(8)
m_l2Power(4) = CLng(16)
m_l2Power(5) = CLng(32)
m_l2Power(6) = CLng(64)
m_l2Power(7) = CLng(128)
m_l2Power(8) = CLng(256)
m_l2Power(9) = CLng(512)
m_l2Power(10) = CLng(1024)
m_l2Power(11) = CLng(2048)
m_l2Power(12) = CLng(4096)
m_l2Power(13) = CLng(8192)
m_l2Power(14) = CLng(16384)
m_l2Power(15) = CLng(32768)
m_l2Power(16) = CLng(65536)
m_l2Power(17) = CLng(131072)
m_l2Power(18) = CLng(262144)
m_l2Power(19) = CLng(524288)
m_l2Power(20) = CLng(1048576)
m_l2Power(21) = CLng(2097152)
m_l2Power(22) = CLng(4194304)
m_l2Power(23) = CLng(8388608)
m_l2Power(24) = CLng(16777216)
m_l2Power(25) = CLng(33554432)
m_l2Power(26) = CLng(67108864)
m_l2Power(27) = CLng(134217728)
m_l2Power(28) = CLng(268435456)
m_l2Power(29) = CLng(536870912)
m_l2Power(30) = CLng(1073741824)
   
K(0) = &H428A2F98
K(1) = &H71374491
K(2) = &HB5C0FBCF
K(3) = &HE9B5DBA5
K(4) = &H3956C25B
K(5) = &H59F111F1
K(6) = &H923F82A4
K(7) = &HAB1C5ED5
K(8) = &HD807AA98
K(9) = &H12835B01
K(10) = &H243185BE
K(11) = &H550C7DC3
K(12) = &H72BE5D74
K(13) = &H80DEB1FE
K(14) = &H9BDC06A7
K(15) = &HC19BF174
K(16) = &HE49B69C1
K(17) = &HEFBE4786
K(18) = &HFC19DC6
K(19) = &H240CA1CC
K(20) = &H2DE92C6F
K(21) = &H4A7484AA
K(22) = &H5CB0A9DC
K(23) = &H76F988DA
K(24) = &H983E5152
K(25) = &HA831C66D
K(26) = &HB00327C8
K(27) = &HBF597FC7
K(28) = &HC6E00BF3
K(29) = &HD5A79147
K(30) = &H6CA6351
K(31) = &H14292967
K(32) = &H27B70A85
K(33) = &H2E1B2138
K(34) = &H4D2C6DFC
K(35) = &H53380D13
K(36) = &H650A7354
K(37) = &H766A0ABB
K(38) = &H81C2C92E
K(39) = &H92722C85
K(40) = &HA2BFE8A1
K(41) = &HA81A664B
K(42) = &HC24B8B70
K(43) = &HC76C51A3
K(44) = &HD192E819
K(45) = &HD6990624
K(46) = &HF40E3585
K(47) = &H106AA070
K(48) = &H19A4C116
K(49) = &H1E376C08
K(50) = &H2748774C
K(51) = &H34B0BCB5
K(52) = &H391C0CB3
K(53) = &H4ED8AA4A
K(54) = &H5B9CCA4F
K(55) = &H682E6FF3
K(56) = &H748F82EE
K(57) = &H78A5636F
K(58) = &H84C87814
K(59) = &H8CC70208
K(60) = &H90BEFFFA
K(61) = &HA4506CEB
K(62) = &HBEF9A3F7
K(63) = &HC67178F2

Private Function LShift(lValue, iShiftBits)
    If iShiftBits = 0 Then
        LShift = lValue
        Exit Function
    ElseIf iShiftBits = 31 Then
        If lValue And 1 Then
            LShift = &H80000000
        Else
            LShift = 0
        End If
        Exit Function
    ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
        Err.Raise 6
    End If
   
    If (lValue And m_l2Power(31 - iShiftBits)) Then
        LShift = ((lValue And m_lOnBits(31 - (iShiftBits + 1))) * m_l2Power(iShiftBits)) Or &H80000000
    Else
        LShift = ((lValue And m_lOnBits(31 - iShiftBits)) * m_l2Power(iShiftBits))
    End If
End Function

Private Function RShift(lValue, iShiftBits)
    If iShiftBits = 0 Then
        RShift = lValue
        Exit Function
    ElseIf iShiftBits = 31 Then
        If lValue And &H80000000 Then
            RShift = 1
        Else
            RShift = 0
        End If
        Exit Function
    ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
        Err.Raise 6
    End If
   
    RShift = (lValue And &H7FFFFFFE) \ m_l2Power(iShiftBits)
   
    If (lValue And &H80000000) Then
        RShift = (RShift Or (&H40000000 \ m_l2Power(iShiftBits - 1)))
    End If
End Function

Private Function AddUnsigned(lX, lY)
    Dim lX4
    Dim lY4
    Dim lX8
    Dim lY8
    Dim lResult
 
    lX8 = lX And &H80000000
    lY8 = lY And &H80000000
    lX4 = lX And &H40000000
    lY4 = lY And &H40000000
 
    lResult = (lX And &H3FFFFFFF) + (lY And &H3FFFFFFF)
 
    If lX4 And lY4 Then
        lResult = lResult Xor &H80000000 Xor lX8 Xor lY8
    ElseIf lX4 Or lY4 Then
        If lResult And &H40000000 Then
            lResult = lResult Xor &HC0000000 Xor lX8 Xor lY8
        Else
            lResult = lResult Xor &H40000000 Xor lX8 Xor lY8
        End If
    Else
        lResult = lResult Xor lX8 Xor lY8
    End If
 
    AddUnsigned = lResult
End Function

Private Function Ch(x, y, z)
    Ch = ((x And y) Xor ((Not x) And z))
End Function

Private Function Maj(x, y, z)
    Maj = ((x And y) Xor (x And z) Xor (y And z))
End Function

Private Function S(x, n)
    S = (RShift(x, (n And m_lOnBits(4))) Or LShift(x, (32 - (n And m_lOnBits(4)))))
End Function

Private Function R(x, n)
    R = RShift(x, CInt(n And m_lOnBits(4)))
End Function

Private Function Sigma0(x)
    Sigma0 = (S(x, 2) Xor S(x, 13) Xor S(x, 22))
End Function

Private Function Sigma1(x)
    Sigma1 = (S(x, 6) Xor S(x, 11) Xor S(x, 25))
End Function

Private Function Gamma0(x)
    Gamma0 = (S(x, 7) Xor S(x, 18) Xor R(x, 3))
End Function

Private Function Gamma1(x)
    Gamma1 = (S(x, 17) Xor S(x, 19) Xor R(x, 10))
End Function

Private Function ConvertToWordArray(sMessage)
    Dim lMessageLength
    Dim lNumberOfWords
    Dim lWordArray()
    Dim lBytePosition
    Dim lByteCount
    Dim lWordCount
    Dim lByte
   
    Const MODULUS_BITS = 512
    Const CONGRUENT_BITS = 448
   
    lMessageLength = Len(sMessage)
   
    lNumberOfWords = (((lMessageLength + ((MODULUS_BITS - CONGRUENT_BITS) \ BITS_TO_A_BYTE)) \ (MODULUS_BITS \ BITS_TO_A_BYTE)) + 1) * (MODULUS_BITS \ BITS_TO_A_WORD)
    ReDim lWordArray(lNumberOfWords - 1)
   
    lBytePosition = 0
    lByteCount = 0
    Do Until lByteCount >= lMessageLength
        lWordCount = lByteCount \ BYTES_TO_A_WORD
       
        lBytePosition = (3 - (lByteCount Mod BYTES_TO_A_WORD)) * BITS_TO_A_BYTE
       
        lByte = AscB(Mid(sMessage, lByteCount + 1, 1))
       
        lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(lByte, lBytePosition)
        lByteCount = lByteCount + 1
    Loop

    lWordCount = lByteCount \ BYTES_TO_A_WORD
    lBytePosition = (3 - (lByteCount Mod BYTES_TO_A_WORD)) * BITS_TO_A_BYTE

    lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(&H80, lBytePosition)

    lWordArray(lNumberOfWords - 1) = LShift(lMessageLength, 3)
    lWordArray(lNumberOfWords - 2) = RShift(lMessageLength, 29)
   
    ConvertToWordArray = lWordArray
End Function

Public Function SHA256(sMessage)
    Dim HASH(7)
    Dim M
    Dim W(63)
    Dim a
    Dim b
    Dim c
    Dim d
    Dim e
    Dim f
    Dim g
    Dim h
    Dim i
    Dim j
    Dim T1
    Dim T2
   
    HASH(0) = &H6A09E667
    HASH(1) = &HBB67AE85
    HASH(2) = &H3C6EF372
    HASH(3) = &HA54FF53A
    HASH(4) = &H510E527F
    HASH(5) = &H9B05688C
    HASH(6) = &H1F83D9AB
    HASH(7) = &H5BE0CD19
   
    M = ConvertToWordArray(sMessage)
   
    For i = 0 To UBound(M) Step 16
        a = HASH(0)
        b = HASH(1)
        c = HASH(2)
        d = HASH(3)
        e = HASH(4)
        f = HASH(5)
        g = HASH(6)
        h = HASH(7)
       
        For j = 0 To 63
            If j < 16 Then
                W(j) = M(j + i)
            Else
                W(j) = AddUnsigned(AddUnsigned(AddUnsigned(Gamma1(W(j - 2)), W(j - 7)), Gamma0(W(j - 15))), W(j - 16))
            End If
               
            T1 = AddUnsigned(AddUnsigned(AddUnsigned(AddUnsigned(h, Sigma1(e)), Ch(e, f, g)), K(j)), W(j))
            T2 = AddUnsigned(Sigma0(a), Maj(a, b, c))
           
            h = g
            g = f
            f = e
            e = AddUnsigned(d, T1)
            d = c
            c = b
            b = a
            a = AddUnsigned(T1, T2)
        Next
       
        HASH(0) = AddUnsigned(a, HASH(0))
        HASH(1) = AddUnsigned(b, HASH(1))
        HASH(2) = AddUnsigned(c, HASH(2))
        HASH(3) = AddUnsigned(d, HASH(3))
        HASH(4) = AddUnsigned(e, HASH(4))
        HASH(5) = AddUnsigned(f, HASH(5))
        HASH(6) = AddUnsigned(g, HASH(6))
        HASH(7) = AddUnsigned(h, HASH(7))
    Next
   
    SHA256 = LCase(Right("00000000" & Hex(HASH(0)), 8) & Right("00000000" & Hex(HASH(1)), 8) & Right("00000000" & Hex(HASH(2)), 8) & Right("00000000" & Hex(HASH(3)), 8) & Right("00000000" & Hex(HASH(4)), 8) & Right("00000000" & Hex(HASH(5)), 8) & Right("00000000" & Hex(HASH(6)), 8) & Right("00000000" & Hex(HASH(7)), 8))
End Function

' -------------------------------------------------------------------------
      ' Retrieve the registration form fields and store them to local variables
      ' -------------------------------------------------------------------------
      
      strLogin = request.form("txtLogin")
      strPassword = SHA256(strPass)

      ' -------------------------------------------------------------------------
      ' Open the connection
      ' -------------------------------------------------------------------------
      Set objConn = Server.CreateObject("ADODB.Connection")
      Set RS = Server.CreateObject("ADODB.Recordset")
      
      '--------------------------------------------------------------------------
      ' Define the Connection String for the database object as the database string
      '--------------------------------------------------------------------------                  
      objConn.ConnectionString = "Provider=sqloledb;Data Source=SQLsvr;Initial Catalog=sqlDB;User Id=sqlUser;Password=sqlpassword;"
      objConn.CursorLocation = 3
      objConn.Open
                                                      
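      '--------------------------------------------------------------------------
      ' Set the SQL Query. The login name is bound as a parameter instead of
      ' being concatenated into the SQL text, so form input cannot alter the query.
      '--------------------------------------------------------------------------
      Set objCmd = Server.CreateObject("ADODB.Command")
      Set objCmd.ActiveConnection = objConn
      objCmd.CommandType = 1 ' adCmdText
      objCmd.CommandText = "SELECT * FROM SecureTable WHERE (UserName = ?)"
      ' 200 = adVarChar, 1 = adParamInput; 255 is an assumed maximum column width
      objCmd.Parameters.Append objCmd.CreateParameter("UserName", 200, 1, 255, Left(strLogin, 255))
      
      '--------------------------------------------------------------------------
      ' Execute the query.
      '--------------------------------------------------------------------------
      RS.Open objCmd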
      
      '--------------------------------------------------------------------------
      ' If there is no matching login name, or the password does not match,
      ' print an error to the visitor and stop the processing of this page.
      '--------------------------------------------------------------------------
      If RS.EOF <> FALSE Then
      Response.Redirect("login_error.asp")
      ElseIf Trim(RS("md5PASS")) <> Trim(strPassword) Then
      Response.Redirect("login_error.asp")
      Response.End
      End If

         Session("strLogin") = strLogin
      'Session("userName") = RS("Engineer")
      'Session("x") = RS("QTYLogged")
      
      '--------------------------------------------------------------------------
      ' The user is validated, time to update the last login time. First close the
      ' old connection, now build the SQL query to insert the new record.
      '--------------------------------------------------------------------------
      RS.Close
      'Dim x
      'Dim y
      'Dim z
      'x = Session("x")
      'y = 1
      'z = x + Y
      'strSQL = "UPDATE UserTable SET QTYLogged = '" & z & "' WHERE (UserName = '" & strLogin & "')"
      
      '--------------------------------------------------------------------------
      ' Execute the query.
      '--------------------------------------------------------------------------
      'RS.open strSQL, objConn
      
      '--------------------------------------------------------------------------
      ' Now redirect the user to the main page as a logged in user.
      '--------------------------------------------------------------------------
      
            Response.Redirect("default.asp")
%>
_________________________________________________________________________________

As you can see, I commented out the Update portion of the login. But you can incorporate anything you wish.

For the Add to the table:
_________________________________________________________________________________
<%
Private m_lOnBits(30)
Private m_l2Power(30)
Private K(63)

Private Const BITS_TO_A_BYTE = 8
Private Const BYTES_TO_A_WORD = 4
Private Const BITS_TO_A_WORD = 32

m_lOnBits(0) = CLng(1)
m_lOnBits(1) = CLng(3)
m_lOnBits(2) = CLng(7)
m_lOnBits(3) = CLng(15)
m_lOnBits(4) = CLng(31)
m_lOnBits(5) = CLng(63)
m_lOnBits(6) = CLng(127)
m_lOnBits(7) = CLng(255)
m_lOnBits(8) = CLng(511)
m_lOnBits(9) = CLng(1023)
m_lOnBits(10) = CLng(2047)
m_lOnBits(11) = CLng(4095)
m_lOnBits(12) = CLng(8191)
m_lOnBits(13) = CLng(16383)
m_lOnBits(14) = CLng(32767)
m_lOnBits(15) = CLng(65535)
m_lOnBits(16) = CLng(131071)
m_lOnBits(17) = CLng(262143)
m_lOnBits(18) = CLng(524287)
m_lOnBits(19) = CLng(1048575)
m_lOnBits(20) = CLng(2097151)
m_lOnBits(21) = CLng(4194303)
m_lOnBits(22) = CLng(8388607)
m_lOnBits(23) = CLng(16777215)
m_lOnBits(24) = CLng(33554431)
m_lOnBits(25) = CLng(67108863)
m_lOnBits(26) = CLng(134217727)
m_lOnBits(27) = CLng(268435455)
m_lOnBits(28) = CLng(536870911)
m_lOnBits(29) = CLng(1073741823)
m_lOnBits(30) = CLng(2147483647)

m_l2Power(0) = CLng(1)
m_l2Power(1) = CLng(2)
m_l2Power(2) = CLng(4)
m_l2Power(3) = CLng(8)
m_l2Power(4) = CLng(16)
m_l2Power(5) = CLng(32)
m_l2Power(6) = CLng(64)
m_l2Power(7) = CLng(128)
m_l2Power(8) = CLng(256)
m_l2Power(9) = CLng(512)
m_l2Power(10) = CLng(1024)
m_l2Power(11) = CLng(2048)
m_l2Power(12) = CLng(4096)
m_l2Power(13) = CLng(8192)
m_l2Power(14) = CLng(16384)
m_l2Power(15) = CLng(32768)
m_l2Power(16) = CLng(65536)
m_l2Power(17) = CLng(131072)
m_l2Power(18) = CLng(262144)
m_l2Power(19) = CLng(524288)
m_l2Power(20) = CLng(1048576)
m_l2Power(21) = CLng(2097152)
m_l2Power(22) = CLng(4194304)
m_l2Power(23) = CLng(8388608)
m_l2Power(24) = CLng(16777216)
m_l2Power(25) = CLng(33554432)
m_l2Power(26) = CLng(67108864)
m_l2Power(27) = CLng(134217728)
m_l2Power(28) = CLng(268435456)
m_l2Power(29) = CLng(536870912)
m_l2Power(30) = CLng(1073741824)
   
K(0) = &H428A2F98
K(1) = &H71374491
K(2) = &HB5C0FBCF
K(3) = &HE9B5DBA5
K(4) = &H3956C25B
K(5) = &H59F111F1
K(6) = &H923F82A4
K(7) = &HAB1C5ED5
K(8) = &HD807AA98
K(9) = &H12835B01
K(10) = &H243185BE
K(11) = &H550C7DC3
K(12) = &H72BE5D74
K(13) = &H80DEB1FE
K(14) = &H9BDC06A7
K(15) = &HC19BF174
K(16) = &HE49B69C1
K(17) = &HEFBE4786
K(18) = &HFC19DC6
K(19) = &H240CA1CC
K(20) = &H2DE92C6F
K(21) = &H4A7484AA
K(22) = &H5CB0A9DC
K(23) = &H76F988DA
K(24) = &H983E5152
K(25) = &HA831C66D
K(26) = &HB00327C8
K(27) = &HBF597FC7
K(28) = &HC6E00BF3
K(29) = &HD5A79147
K(30) = &H6CA6351
K(31) = &H14292967
K(32) = &H27B70A85
K(33) = &H2E1B2138
K(34) = &H4D2C6DFC
K(35) = &H53380D13
K(36) = &H650A7354
K(37) = &H766A0ABB
K(38) = &H81C2C92E
K(39) = &H92722C85
K(40) = &HA2BFE8A1
K(41) = &HA81A664B
K(42) = &HC24B8B70
K(43) = &HC76C51A3
K(44) = &HD192E819
K(45) = &HD6990624
K(46) = &HF40E3585
K(47) = &H106AA070
K(48) = &H19A4C116
K(49) = &H1E376C08
K(50) = &H2748774C
K(51) = &H34B0BCB5
K(52) = &H391C0CB3
K(53) = &H4ED8AA4A
K(54) = &H5B9CCA4F
K(55) = &H682E6FF3
K(56) = &H748F82EE
K(57) = &H78A5636F
K(58) = &H84C87814
K(59) = &H8CC70208
K(60) = &H90BEFFFA
K(61) = &HA4506CEB
K(62) = &HBEF9A3F7
K(63) = &HC67178F2

Private Function LShift(lValue, iShiftBits)
    If iShiftBits = 0 Then
        LShift = lValue
        Exit Function
    ElseIf iShiftBits = 31 Then
        If lValue And 1 Then
            LShift = &H80000000
        Else
            LShift = 0
        End If
        Exit Function
    ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
        Err.Raise 6
    End If
   
    If (lValue And m_l2Power(31 - iShiftBits)) Then
        LShift = ((lValue And m_lOnBits(31 - (iShiftBits + 1))) * m_l2Power(iShiftBits)) Or &H80000000
    Else
        LShift = ((lValue And m_lOnBits(31 - iShiftBits)) * m_l2Power(iShiftBits))
    End If
End Function

Private Function RShift(lValue, iShiftBits)
    If iShiftBits = 0 Then
        RShift = lValue
        Exit Function
    ElseIf iShiftBits = 31 Then
        If lValue And &H80000000 Then
            RShift = 1
        Else
            RShift = 0
        End If
        Exit Function
    ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
        Err.Raise 6
    End If
   
    RShift = (lValue And &H7FFFFFFE) \ m_l2Power(iShiftBits)
   
    If (lValue And &H80000000) Then
        RShift = (RShift Or (&H40000000 \ m_l2Power(iShiftBits - 1)))
    End If
End Function

Private Function AddUnsigned(lX, lY)
    Dim lX4
    Dim lY4
    Dim lX8
    Dim lY8
    Dim lResult
 
    lX8 = lX And &H80000000
    lY8 = lY And &H80000000
    lX4 = lX And &H40000000
    lY4 = lY And &H40000000
 
    lResult = (lX And &H3FFFFFFF) + (lY And &H3FFFFFFF)
 
    If lX4 And lY4 Then
        lResult = lResult Xor &H80000000 Xor lX8 Xor lY8
    ElseIf lX4 Or lY4 Then
        If lResult And &H40000000 Then
            lResult = lResult Xor &HC0000000 Xor lX8 Xor lY8
        Else
            lResult = lResult Xor &H40000000 Xor lX8 Xor lY8
        End If
    Else
        lResult = lResult Xor lX8 Xor lY8
    End If
 
    AddUnsigned = lResult
End Function

Private Function Ch(x, y, z)
    Ch = ((x And y) Xor ((Not x) And z))
End Function

Private Function Maj(x, y, z)
    Maj = ((x And y) Xor (x And z) Xor (y And z))
End Function

Private Function S(x, n)
    S = (RShift(x, (n And m_lOnBits(4))) Or LShift(x, (32 - (n And m_lOnBits(4)))))
End Function

Private Function R(x, n)
    R = RShift(x, CInt(n And m_lOnBits(4)))
End Function

Private Function Sigma0(x)
    Sigma0 = (S(x, 2) Xor S(x, 13) Xor S(x, 22))
End Function

Private Function Sigma1(x)
    Sigma1 = (S(x, 6) Xor S(x, 11) Xor S(x, 25))
End Function

Private Function Gamma0(x)
    Gamma0 = (S(x, 7) Xor S(x, 18) Xor R(x, 3))
End Function

Private Function Gamma1(x)
    Gamma1 = (S(x, 17) Xor S(x, 19) Xor R(x, 10))
End Function

Private Function ConvertToWordArray(sMessage)
    Dim lMessageLength
    Dim lNumberOfWords
    Dim lWordArray()
    Dim lBytePosition
    Dim lByteCount
    Dim lWordCount
    Dim lByte
   
    Const MODULUS_BITS = 512
    Const CONGRUENT_BITS = 448
   
    lMessageLength = Len(sMessage)
   
    lNumberOfWords = (((lMessageLength + ((MODULUS_BITS - CONGRUENT_BITS) \ BITS_TO_A_BYTE)) \ (MODULUS_BITS \ BITS_TO_A_BYTE)) + 1) * (MODULUS_BITS \ BITS_TO_A_WORD)
    ReDim lWordArray(lNumberOfWords - 1)
   
    lBytePosition = 0
    lByteCount = 0
    Do Until lByteCount >= lMessageLength
        lWordCount = lByteCount \ BYTES_TO_A_WORD
       
        lBytePosition = (3 - (lByteCount Mod BYTES_TO_A_WORD)) * BITS_TO_A_BYTE
       
        lByte = AscB(Mid(sMessage, lByteCount + 1, 1))
       
        lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(lByte, lBytePosition)
        lByteCount = lByteCount + 1
    Loop

    lWordCount = lByteCount \ BYTES_TO_A_WORD
    lBytePosition = (3 - (lByteCount Mod BYTES_TO_A_WORD)) * BITS_TO_A_BYTE

    lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(&H80, lBytePosition)

    lWordArray(lNumberOfWords - 1) = LShift(lMessageLength, 3)
    lWordArray(lNumberOfWords - 2) = RShift(lMessageLength, 29)
   
    ConvertToWordArray = lWordArray
End Function

Public Function SHA256(sMessage)
    Dim HASH(7)
    Dim M
    Dim W(63)
    Dim a
    Dim b
    Dim c
    Dim d
    Dim e
    Dim f
    Dim g
    Dim h
    Dim i
    Dim j
    Dim T1
    Dim T2
   
    HASH(0) = &H6A09E667
    HASH(1) = &HBB67AE85
    HASH(2) = &H3C6EF372
    HASH(3) = &HA54FF53A
    HASH(4) = &H510E527F
    HASH(5) = &H9B05688C
    HASH(6) = &H1F83D9AB
    HASH(7) = &H5BE0CD19
   
    M = ConvertToWordArray(sMessage)
   
    For i = 0 To UBound(M) Step 16
        a = HASH(0)
        b = HASH(1)
        c = HASH(2)
        d = HASH(3)
        e = HASH(4)
        f = HASH(5)
        g = HASH(6)
        h = HASH(7)
       
        For j = 0 To 63
            If j < 16 Then
                W(j) = M(j + i)
            Else
                W(j) = AddUnsigned(AddUnsigned(AddUnsigned(Gamma1(W(j - 2)), W(j - 7)), Gamma0(W(j - 15))), W(j - 16))
            End If
               
            T1 = AddUnsigned(AddUnsigned(AddUnsigned(AddUnsigned(h, Sigma1(e)), Ch(e, f, g)), K(j)), W(j))
            T2 = AddUnsigned(Sigma0(a), Maj(a, b, c))
           
            h = g
            g = f
            f = e
            e = AddUnsigned(d, T1)
            d = c
            c = b
            b = a
            a = AddUnsigned(T1, T2)
        Next
       
        HASH(0) = AddUnsigned(a, HASH(0))
        HASH(1) = AddUnsigned(b, HASH(1))
        HASH(2) = AddUnsigned(c, HASH(2))
        HASH(3) = AddUnsigned(d, HASH(3))
        HASH(4) = AddUnsigned(e, HASH(4))
        HASH(5) = AddUnsigned(f, HASH(5))
        HASH(6) = AddUnsigned(g, HASH(6))
        HASH(7) = AddUnsigned(h, HASH(7))
    Next
   
    SHA256 = LCase(Right("00000000" & Hex(HASH(0)), 8) & Right("00000000" & Hex(HASH(1)), 8) & Right("00000000" & Hex(HASH(2)), 8) & Right("00000000" & Hex(HASH(3)), 8) & Right("00000000" & Hex(HASH(4)), 8) & Right("00000000" & Hex(HASH(5)), 8) & Right("00000000" & Hex(HASH(6)), 8) & Right("00000000" & Hex(HASH(7)), 8))
End Function


Dim sDigest
strUserName =  "cjinsocal581"
      strPassword = sha256("password")
      strLogged = "0"
      ' -------------------------------------------------------------------------
      ' Open the connection
      ' -------------------------------------------------------------------------

      ' -------------------------------------------------------------------------
      Set objConn = Server.CreateObject("ADODB.Connection")
      Set RS = Server.CreateObject("ADODB.Recordset")
      
      '--------------------------------------------------------------------------
      ' Define the Connection String for the database object as the database string
      '--------------------------------------------------------------------------                  
      objConn.ConnectionString = "Provider=sqloledb;Data Source=SQLsvr;Initial Catalog=sqlDB;User Id=sqlUser;Password=sqlpassword;"
      objConn.CursorLocation = 3
      objConn.Open
      '--------------------------------------------------------------------------
      %>
      <%
      Call AddSecureRecord()
            
      Sub AddSecureRecord()
      Dim strSQL
      
      strSQL = "INSERT INTO SecureTable (UserName, md5PASS, Logged) VALUES (" _
      & "'" & strUserName & "', " _
      & "'" & strPassword & "', " _
      & "'" & strLogged & "')"
      RS.open strSQL, objConn      
End Sub

      '--------------------------------------------------------------------------
      ' Execute the query.
      '--------------------------------------------------------------------------
            
      '--------------------------------------------------------------------------
      ' Now redirect the user to the main page as a logged in user.
      '--------------------------------------------------------------------------
      
      Response.Redirect("default.asp")


%>
_____________________________________________________________________

The above code (all three pages) is for a secure login using the 256 Bit secure code.

Below uses the 128 MD5
_____________________________________________________________________
md5login.asp
_____________________________________________________________________
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX">
      <title>128 MD5 Login</title>      
</head>
<%
Response.IsClientConnected
%>
<body>            

<table border="1" width="100%" id="table1" bordercolorlight="#000000" cellspacing="0" cellpadding="2" bordercolordark="#000000">
      <tr>
            <form method="POST" action="loginvalidate_md5.asp" name="form1">
                  <td>
                  <p align="center"><b><font size="2" face="Verdana">Admin Login</font></b></p>
                  <div align="center">
                  <table border="0" width="30%" id="table2">
                        <tr>
                              <td width="129"><font size="2" face="Verdana">Login:</font></td>
                              <td width="130"><font face="Verdana"><input type="text" name="txtLogin" size="20" tabindex="1"></font></td>
                        </tr>
                        <tr>
                              <td width="129"><font size="2" face="Verdana">Password:</font></td>
                              <td width="130">
                              <font face="Verdana">
                              &nbsp;<input type="password" name="md5" size="20" tabindex="2"></font></td>
                        </tr>
                        <tr>
                              <td width="129">
                              <p align="center">
    <font face="Verdana">
    <input type="submit" value="Login" name="B1" tabindex="3"></font></td>
                              <td width="130">
    <font face="Verdana">
    <input type="reset" value="Clear Fields" name="B2" tabindex="4"></font></td>
                        </tr>
                        </table>
                        </div>
                  </td>
            </form>
      </tr>
</table>
</body>
</html>
_____________________________________________________________________________________
now to authenticate: "loginvalidate_md5.asp"
______________________________________________________________________________________
<%

sTest = "test"

sInp = trim(request.form("md5"))

If sInp = "" Then
%>
<script language=JavaScript runat=Server>
/*
** pjMd5.js
**
** A JavaScript implementation of the RSA Data Security, Inc. MD5
** Message-Digest Algorithm.
**
** Copyright (C) Paul Johnston 1999.
*/

var sAscii=" !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`"
var sAscii=sAscii+"abcdefghijklmnopqrstuvwxyz{|}~";
var sHex="0123456789ABCDEF";

function hex(i) {
  h="";
  for(j=0; j<=3; j++) {
    h+=sHex.charAt((i>>(j*8+4))&0x0F)+sHex.charAt((i>>(j*8))&0x0F);
  }
  return h;
}
function add(x,y) {
  return ((x&0x7FFFFFFF)+(y&0x7FFFFFFF) )^(x&0x80000000)^(y&0x80000000);
}
function R1(A,B,C,D,X,S,T) {
  q=add( add(A,(B&C)|((~B)&D)), add(X,T) );
  return add( (q<<S)|( (q>>(32-S))&(Math.pow(2,S)-1) ), B );
}
function R2(A,B,C,D,X,S,T) {
  q=add( add(A,(B&D)|(C&(~D))), add(X,T) );
  return add( (q<<S)|( (q>>(32-S))&(Math.pow(2,S)-1) ), B );
}
function R3(A,B,C,D,X,S,T) {
  q=add( add(A,B^C^D), add(X,T) );
  return add( (q<<S)|( (q>>(32-S))&(Math.pow(2,S)-1) ), B );
}
function R4(A,B,C,D,X,S,T) {
  q=add( add(A,C^(B|(~D))), add(X,T) );
  return add( (q<<S)|( (q>>(32-S))&(Math.pow(2,S)-1) ), B );
}

function calcMD5(sInp) {

/* Calculate length in words, including padding */
wLen=(((sInp.length+8)>>6)+1)<<4;
var X = new Array(wLen);

/* Convert string to array of words */
j=4;
for (i=0; (i*4)<sInp.length; i++) {
  X[i]=0;
  for (j=0; j<4 && (i*4+j)<sInp.length; j++) {
    X[i]+=(sAscii.indexOf(sInp.charAt((i*4)+j))+32)<<(j*8);
  }
}

/* Append the 1 and 0s to make a multiple of 4 bytes */
if(j==4) { X[i++]=0x80; }
else { X[i-1]+=0x80<<(j*8); }
/* Appends 0s to make a 14+k16 words */
while ( i<wLen ) { X[i]=0; i++; }
/* Append length */
X[wLen-2]=sInp.length<<3;
/* Initialize a,b,c,d */
a=0x67452301; b=0xefcdab89; c=0x98badcfe; d=0x10325476;

/* Process each 16 word block in turn */
for (i=0; i<wLen; i+=16) {
aO=a; bO=b; cO=c; dO=d;

a=R1(a,b,c,d,X[i+ 0],7 ,0xd76aa478);
d=R1(d,a,b,c,X[i+ 1],12,0xe8c7b756);
c=R1(c,d,a,b,X[i+ 2],17,0x242070db);
b=R1(b,c,d,a,X[i+ 3],22,0xc1bdceee);
a=R1(a,b,c,d,X[i+ 4],7 ,0xf57c0faf);
d=R1(d,a,b,c,X[i+ 5],12,0x4787c62a);
c=R1(c,d,a,b,X[i+ 6],17,0xa8304613);
b=R1(b,c,d,a,X[i+ 7],22,0xfd469501);
a=R1(a,b,c,d,X[i+ 8],7 ,0x698098d8);
d=R1(d,a,b,c,X[i+ 9],12,0x8b44f7af);
c=R1(c,d,a,b,X[i+10],17,0xffff5bb1);
b=R1(b,c,d,a,X[i+11],22,0x895cd7be);
a=R1(a,b,c,d,X[i+12],7 ,0x6b901122);
d=R1(d,a,b,c,X[i+13],12,0xfd987193);
c=R1(c,d,a,b,X[i+14],17,0xa679438e);
b=R1(b,c,d,a,X[i+15],22,0x49b40821);

a=R2(a,b,c,d,X[i+ 1],5 ,0xf61e2562);
d=R2(d,a,b,c,X[i+ 6],9 ,0xc040b340);
c=R2(c,d,a,b,X[i+11],14,0x265e5a51);
b=R2(b,c,d,a,X[i+ 0],20,0xe9b6c7aa);
a=R2(a,b,c,d,X[i+ 5],5 ,0xd62f105d);
d=R2(d,a,b,c,X[i+10],9 , 0x2441453);
c=R2(c,d,a,b,X[i+15],14,0xd8a1e681);
b=R2(b,c,d,a,X[i+ 4],20,0xe7d3fbc8);
a=R2(a,b,c,d,X[i+ 9],5 ,0x21e1cde6);
d=R2(d,a,b,c,X[i+14],9 ,0xc33707d6);
c=R2(c,d,a,b,X[i+ 3],14,0xf4d50d87);
b=R2(b,c,d,a,X[i+ 8],20,0x455a14ed);
a=R2(a,b,c,d,X[i+13],5 ,0xa9e3e905);
d=R2(d,a,b,c,X[i+ 2],9 ,0xfcefa3f8);
c=R2(c,d,a,b,X[i+ 7],14,0x676f02d9);
b=R2(b,c,d,a,X[i+12],20,0x8d2a4c8a);

a=R3(a,b,c,d,X[i+ 5],4 ,0xfffa3942);
d=R3(d,a,b,c,X[i+ 8],11,0x8771f681);
c=R3(c,d,a,b,X[i+11],16,0x6d9d6122);
b=R3(b,c,d,a,X[i+14],23,0xfde5380c);
a=R3(a,b,c,d,X[i+ 1],4 ,0xa4beea44);
d=R3(d,a,b,c,X[i+ 4],11,0x4bdecfa9);
c=R3(c,d,a,b,X[i+ 7],16,0xf6bb4b60);
b=R3(b,c,d,a,X[i+10],23,0xbebfbc70);
a=R3(a,b,c,d,X[i+13],4 ,0x289b7ec6);
d=R3(d,a,b,c,X[i+ 0],11,0xeaa127fa);
c=R3(c,d,a,b,X[i+ 3],16,0xd4ef3085);
b=R3(b,c,d,a,X[i+ 6],23, 0x4881d05);
a=R3(a,b,c,d,X[i+ 9],4 ,0xd9d4d039);
d=R3(d,a,b,c,X[i+12],11,0xe6db99e5);
c=R3(c,d,a,b,X[i+15],16,0x1fa27cf8);
b=R3(b,c,d,a,X[i+ 2],23,0xc4ac5665);

a=R4(a,b,c,d,X[i+ 0],6 ,0xf4292244);
d=R4(d,a,b,c,X[i+ 7],10,0x432aff97);
c=R4(c,d,a,b,X[i+14],15,0xab9423a7);
b=R4(b,c,d,a,X[i+ 5],21,0xfc93a039);
a=R4(a,b,c,d,X[i+12],6 ,0x655b59c3);
d=R4(d,a,b,c,X[i+ 3],10,0x8f0ccc92);
c=R4(c,d,a,b,X[i+10],15,0xffeff47d);
b=R4(b,c,d,a,X[i+ 1],21,0x85845dd1);
a=R4(a,b,c,d,X[i+ 8],6 ,0x6fa87e4f);
d=R4(d,a,b,c,X[i+15],10,0xfe2ce6e0);
c=R4(c,d,a,b,X[i+ 6],15,0xa3014314);
b=R4(b,c,d,a,X[i+13],21,0x4e0811a1);
a=R4(a,b,c,d,X[i+ 4],6 ,0xf7537e82);
d=R4(d,a,b,c,X[i+11],10,0xbd3af235);
c=R4(c,d,a,b,X[i+ 2],15,0x2ad7d2bb);
b=R4(b,c,d,a,X[i+ 9],21,0xeb86d391);

a=add(a,aO); b=add(b,bO); c=add(c,cO); d=add(d,dO);
}
return hex(a)+hex(b)+hex(c)+hex(d);
}

</script>
<%
else

   sMD5 = calcMD5(sInp)
   'response.write "MD5 Hash: " & sMD5
   'response.redirect("secureadd.asp")
      
end if

' -------------------------------------------------------------------------
      ' Retrieve the registration form fields and store them to local variables
      ' -------------------------------------------------------------------------
      strLogin = Request.Form("txtLogin")
      strPassword = sMD5

      ' -------------------------------------------------------------------------
      ' Open the connection
      ' -------------------------------------------------------------------------
      Set objConn = Server.CreateObject("ADODB.Connection")
      Set RS = Server.CreateObject("ADODB.Recordset")
      
      '--------------------------------------------------------------------------
      ' Define the Connection String for the database object as the database string
      '--------------------------------------------------------------------------                  
      objConn.ConnectionString = "Provider=sqloledb;Data Source=SQLsvr;Initial Catalog=sqlDB;User Id=sqlUser;Password=sqlpassword;"
      objConn.CursorLocation = 3
      objConn.Open
                                                      
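      '--------------------------------------------------------------------------
      ' Set the SQL Query. The login name is bound as a parameter instead of being
      ' concatenated into the statement, so form input cannot change the SQL.
      '--------------------------------------------------------------------------
      strSQL = "SELECT * FROM SecureTable WHERE (UserName = ?)"
      Set objCmd = Server.CreateObject("ADODB.Command")
      Set objCmd.ActiveConnection = objConn
      objCmd.CommandText = strSQL
      objCmd.CommandType = 1 ' adCmdText
      ' 200 = adVarChar, 1 = adParamInput; 255 is an assumed maximum login length
      objCmd.Parameters.Append objCmd.CreateParameter("@UserName", 200, 1, 255, strLogin)
      
      '--------------------------------------------------------------------------
      ' Execute the query.
      '--------------------------------------------------------------------------
      RS.Open objCmd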
      
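      '--------------------------------------------------------------------------
      ' If there is no matching login name, the password is empty or has no
      ' stored hash, or the password does not match, send the visitor to the
      ' error page and stop the processing of this page.
      '--------------------------------------------------------------------------
      If RS.EOF <> FALSE Then
            Response.Redirect("login_error.asp")
      ElseIf sInp = "" Or IsNull(RS("md5PASS")) Then
            ' A comparison against Null is never True in VBScript, so without
            ' this branch a NULL stored hash would fall through as a valid login.
            Response.Redirect("login_error.asp")
      ElseIf Trim(RS("md5PASS")) <> Trim(strPassword) Then
            Response.Redirect("login_error.asp")
            Response.End
      End If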

         Session("strLogin") = strLogin
      'Session("userName") = RS("Engineer")
      'Session("x") = RS("QTYLogged")
      
      '--------------------------------------------------------------------------
      ' The user is validated, time to update the last login time. First close the
      ' old connection, now build the SQL query to insert the new record.
      '--------------------------------------------------------------------------
      RS.Close
      'Dim x
      'Dim y
      'Dim z
      'x = Session("x")
      'y = 1
      'z = x + Y
      'strSQL = "UPDATE UserTable SET QTYLogged = '" & z & "' WHERE (UserName = '" & strLogin & "')"
      
      '--------------------------------------------------------------------------
      ' Execute the query.
      '--------------------------------------------------------------------------
      'RS.open strSQL, objConn
      
      '--------------------------------------------------------------------------
      ' Now redirect the user to the main page as a logged in user.
      '--------------------------------------------------------------------------
      
            Response.Redirect("default.asp")
%>
____________________________________________________________________________________________________

That is it!! Good luck.
0
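The login above compares an unsalted MD5 of the password with the stored value. As an added example (not part of the original post, and written for Node.js rather than ASP), this is the same store-and-verify step with a per-user salt, scrypt and a constant-time comparison; the record layout and function names are assumptions made for the example.

```javascript
const nodeCrypto = require("crypto");

// What the posted login stores: the same password always gives the same digest,
// so equal passwords are visible in the table and precomputed lists apply.
const md5Hex = (pw) =>
  nodeCrypto.createHash("md5").update(pw, "utf8").digest("hex");

// Salted, memory-hard alternative. The "scrypt$<salt>$<hash>" record layout
// is a format made up for this example.
function hashPassword(pw) {
  const salt = nodeCrypto.randomBytes(16); // fresh salt per user
  const hash = nodeCrypto.scryptSync(pw, salt, 32);
  return ["scrypt", salt.toString("hex"), hash.toString("hex")].join("$");
}

function verifyPassword(pw, record) {
  const parts = String(record).split("$");
  // Empty passwords and missing or malformed records never authenticate.
  if (pw === "" || parts.length !== 3 || parts[0] !== "scrypt") return false;
  const salt = Buffer.from(parts[1], "hex");
  const expected = Buffer.from(parts[2], "hex");
  if (expected.length !== 32) return false;
  const actual = nodeCrypto.scryptSync(pw, salt, expected.length);
  return nodeCrypto.timingSafeEqual(actual, expected); // constant-time compare
}

function demo() {
  const pw = "test"; // same sample value as sTest in the post
  const a = hashPassword(pw);
  const b = hashPassword(pw);
  return {
    md5: md5Hex(pw),              // identical on every call
    saltedDiffer: a !== b,        // same password, different stored records
    ok: verifyPassword(pw, a),
    wrong: verifyPassword("Test", a),
    empty: verifyPassword("", a),
    nullRecord: verifyPassword(pw, null),
  };
}

console.log(demo());
```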
 
cjinsocal581 Commented:
I know it is a lot of code, but just be patient and copy each portion to a new page and save it as an ASP page.

Any questions or problems, just let me know.

Keep in mind that you can use the MD5 and 256 security algorithms for anything, not just login stuff.
0
 
fruhj Commented:
To answer your question, there are 8 bits in a byte, so 5 chars of 8 bits each = 40 bits (5*8).

128 = 16 chars * 8 bits
You'd need 16 characters.

I will say, however, that cjinsocal581 makes a good point: MD5 hashes are pretty common. It's what I use to store passwords in my DBs.

0
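The 8-bits-per-character arithmetic from the thread, as an added example that is not part of any post: an RC4 routine that takes the key as bytes, reports the nominal key size, and checks itself against the widely published "Key"/"Plaintext" test vector. The `effectiveBits` helper and the 16-character sample key are constructed for the example; the helper assumes each key character is chosen uniformly from printable ASCII.

```javascript
// RC4 with the key given as raw bytes, so the key size is explicit.
function rc4(keyBytes, dataBytes) {
  // Key scheduling: the key repeats across the 256-entry table, the same
  // thing RC4Initialize does with (a mod intLength).
  const S = Array.from({ length: 256 }, (_, i) => i);
  for (let i = 0, j = 0; i < 256; i++) {
    j = (j + S[i] + keyBytes[i % keyBytes.length]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
  }
  // Keystream generation XORed into the data; the same call decrypts.
  const out = new Array(dataBytes.length);
  for (let n = 0, i = 0, j = 0; n < dataBytes.length; n++) {
    i = (i + 1) & 0xff;
    j = (j + S[i]) & 0xff;
    [S[i], S[j]] = [S[j], S[i]];
    out[n] = dataBytes[n] ^ S[(S[i] + S[j]) & 0xff];
  }
  return out;
}

const toBytes = (s) => Array.from(s, (c) => c.charCodeAt(0) & 0xff);
const toHex = (b) => b.map((x) => x.toString(16).padStart(2, "0")).join("");

// Nominal key size: one key character is one byte, i.e. 8 bits.
const keyBits = (key) => toBytes(key).length * 8;

// Upper bound on the real key strength when every character is drawn
// uniformly from an alphabet of `alphabetSize` symbols (95 = printable ASCII).
const effectiveBits = (chars, alphabetSize) => chars * Math.log2(alphabetSize);

function demo() {
  const key40 = "s0W3a";             // the 5-character key from the question
  const key128 = "0123456789abcdef"; // constructed 16-character sample key
  return {
    bits40: keyBits(key40),
    bits128: keyBits(key128),
    typed5: Math.floor(effectiveBits(5, 95)),
    typed16: Math.floor(effectiveBits(16, 95)),
    vector: toHex(rc4(toBytes("Key"), toBytes("Plaintext"))),
  };
}

console.log(demo());
```

A key typed from the keyboard uses only part of each byte's 256 values, which is why the `typed` figures come out below the nominal 40 and 128 bits; a full-strength 128-bit key is 16 bytes taken from a cryptographic random source.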
