Solved

# RC4 encryption algo bit level question

Posted on 2005-04-26
384 Views
Hi Experts,

I am using the functions below to provide an RC4 encryption to some sensitive fields in a website. I have the following question:

On the following line:

dim ET_RC4_40bitKey : ET_RC4_40bitKey="s0W3a" '*** Only 5 characters allowed in UK (40-bit encryption law)

The 40 bit key is defined. It appears to me that the encryption level is set at 40 bit because there are five characters in the encryption key. Is this correct? and if so how do I encrease the encryption to 128 bit?

Basically I am trying to work out the formula for #characters to encryption bit level.

Any ideas?

Thanks,

PJORDANNA

'*** Arrays for the RC4 Encryptions algorithms
Dim RC4_sbox(255)
Dim RC4_keyArray(255)
dim ET_RC4_40bitKey : ET_RC4_40bitKey="s0W3a" '*** Only 5 characters allowed in UK (40-bit encryption law)

Sub RC4Initialize(strPwd)
'**** This routine called by RC4EnDeCrypt function. Initializes the RC4_sbox and the RC4_keyArray array.

dim tempSwap
dim a
dim b

intLength = len(strPwd)
For a = 0 To 255
RC4_keyArray(a) = asc(mid(strpwd, (a mod intLength)+1, 1))
RC4_sbox(a) = a
next

b = 0
For a = 0 To 255
b = (b + RC4_sbox(a) + RC4_keyArray(a)) Mod 256
tempSwap = RC4_sbox(a)
RC4_sbox(a) = RC4_sbox(b)
RC4_sbox(b) = tempSwap
Next
End Sub

Function RC4EnDeCrypt(plaintxt, psw)
'*** Performs the encrption/decryption
'*** Note using more than a 5 character password would be illegal in the UK - only 40 bit encryption allowed
dim temp
dim a
dim i
dim j
dim k
dim cipherby
dim cipher

i = 0
j = 0

RC4Initialize psw

For a = 1 To Len(plaintxt)
i = (i + 1) Mod 256
j = (j + RC4_sbox(i)) Mod 256
temp = RC4_sbox(i)
RC4_sbox(i) = RC4_sbox(j)
RC4_sbox(j) = temp

k = RC4_sbox((RC4_sbox(i) + RC4_sbox(j)) Mod 256)

cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
cipher = cipher & Chr(cipherby)
Next

RC4EnDeCrypt = cipher

End Function

function charStrToHexCodes(charStr) '*** generates a hex byte string from a character string
charStrToHexCodes=""
for qq = 1 to len(charStr)
charStrToHexCodes=charStrToHexCodes & right(string(2,"0") & hex(asc(mid(charStr, qq, 1))),2)
next
end function

function hexCodesToCharStr(hexCodes) '*** generates a character string from a hex byte string
dim i
hexCodesToCharStr=""
if len(hexCodes)/2 <> Int(len(hexCodes)/2) then exit function
for i=1 to len(hexCodes)-1 step 2
hexCodesToCharStr=hexCodesToCharStr&Chr(hexByteToDecimal(Mid(hexCodes,i,2)))
next
end function

function hexDigitToDecimal(digit) '*** Converts a single hex digit to decimal, returns -1 if not possible
select case digit
case "0","1","2","3","4","5","6","7","8","9"
hexDigitToDecimal=CInt(digit)
case "A","a"
hexDigitToDecimal=10
case "B","b"
hexDigitToDecimal=11
case "C","c"
hexDigitToDecimal=12
case "D","d"
hexDigitToDecimal=13
case "E","e"
hexDigitToDecimal=14
case "F","f"
hexDigitToDecimal=15
case else
hexDigitToDecimal=-1
end select
end function

function hexByteToDecimal(byteStr) '*** Converts a hex byte to decimal, returns -1 if not possible
if (len(byteStr)<>2 or hexDigitToDecimal(Left(byteStr,1))=-1 or hexDigitToDecimal(Right(byteStr,1))=-1) then
hexByteToDecimal=-1
exit function
end if
hexByteToDecimal=hexDigitToDecimal(Left(byteStr,1))*16+hexDigitToDecimal(Right(byteStr,1))
end function
0
Question by:pjordanna

LVL 6

Accepted Solution

You will want to use the MD5 Hash. Here is some code to get you started:

___________________________________________________
<html>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<%
Response.IsClientConnected
%>
<body>

<table border="1" width="100%" id="table1" bordercolorlight="#000000" cellspacing="0" cellpadding="2" bordercolordark="#000000">
<tr>
<td>
<div align="center">
<table border="0" width="30%" id="table2">
<tr>
<td width="130"><font face="Verdana"><input type="text" name="txtLogin" size="20" tabindex="1"></font></td>
</tr>
<tr>
<td width="130">
<font face="Verdana">
</tr>
<tr>
<td width="129">
<p align="center">
<font face="Verdana">
<td width="130">
<font face="Verdana">
<input type="reset" value="Clear Fields" name="B2" tabindex="4"></font></td>
</tr>
</table>
</div>
</td>
</form>
</tr>
</table>
</body>
</html>
_________________________________________________________________
the page to validate it: loginvalidate_sha256.asp
_________________________________________________________________
<%
strPass = Trim(request.form("md5"))

Private m_lOnBits(30)
Private m_l2Power(30)
Private K(63)

Private Const BITS_TO_A_BYTE = 8
Private Const BYTES_TO_A_WORD = 4
Private Const BITS_TO_A_WORD = 32

m_lOnBits(0) = CLng(1)
m_lOnBits(1) = CLng(3)
m_lOnBits(2) = CLng(7)
m_lOnBits(3) = CLng(15)
m_lOnBits(4) = CLng(31)
m_lOnBits(5) = CLng(63)
m_lOnBits(6) = CLng(127)
m_lOnBits(7) = CLng(255)
m_lOnBits(8) = CLng(511)
m_lOnBits(9) = CLng(1023)
m_lOnBits(10) = CLng(2047)
m_lOnBits(11) = CLng(4095)
m_lOnBits(12) = CLng(8191)
m_lOnBits(13) = CLng(16383)
m_lOnBits(14) = CLng(32767)
m_lOnBits(15) = CLng(65535)
m_lOnBits(16) = CLng(131071)
m_lOnBits(17) = CLng(262143)
m_lOnBits(18) = CLng(524287)
m_lOnBits(19) = CLng(1048575)
m_lOnBits(20) = CLng(2097151)
m_lOnBits(21) = CLng(4194303)
m_lOnBits(22) = CLng(8388607)
m_lOnBits(23) = CLng(16777215)
m_lOnBits(24) = CLng(33554431)
m_lOnBits(25) = CLng(67108863)
m_lOnBits(26) = CLng(134217727)
m_lOnBits(27) = CLng(268435455)
m_lOnBits(28) = CLng(536870911)
m_lOnBits(29) = CLng(1073741823)
m_lOnBits(30) = CLng(2147483647)

m_l2Power(0) = CLng(1)
m_l2Power(1) = CLng(2)
m_l2Power(2) = CLng(4)
m_l2Power(3) = CLng(8)
m_l2Power(4) = CLng(16)
m_l2Power(5) = CLng(32)
m_l2Power(6) = CLng(64)
m_l2Power(7) = CLng(128)
m_l2Power(8) = CLng(256)
m_l2Power(9) = CLng(512)
m_l2Power(10) = CLng(1024)
m_l2Power(11) = CLng(2048)
m_l2Power(12) = CLng(4096)
m_l2Power(13) = CLng(8192)
m_l2Power(14) = CLng(16384)
m_l2Power(15) = CLng(32768)
m_l2Power(16) = CLng(65536)
m_l2Power(17) = CLng(131072)
m_l2Power(18) = CLng(262144)
m_l2Power(19) = CLng(524288)
m_l2Power(20) = CLng(1048576)
m_l2Power(21) = CLng(2097152)
m_l2Power(22) = CLng(4194304)
m_l2Power(23) = CLng(8388608)
m_l2Power(24) = CLng(16777216)
m_l2Power(25) = CLng(33554432)
m_l2Power(26) = CLng(67108864)
m_l2Power(27) = CLng(134217728)
m_l2Power(28) = CLng(268435456)
m_l2Power(29) = CLng(536870912)
m_l2Power(30) = CLng(1073741824)

K(0) = &H428A2F98
K(1) = &H71374491
K(2) = &HB5C0FBCF
K(3) = &HE9B5DBA5
K(4) = &H3956C25B
K(5) = &H59F111F1
K(6) = &H923F82A4
K(7) = &HAB1C5ED5
K(8) = &HD807AA98
K(9) = &H12835B01
K(10) = &H243185BE
K(11) = &H550C7DC3
K(12) = &H72BE5D74
K(13) = &H80DEB1FE
K(14) = &H9BDC06A7
K(15) = &HC19BF174
K(16) = &HE49B69C1
K(17) = &HEFBE4786
K(18) = &HFC19DC6
K(19) = &H240CA1CC
K(20) = &H2DE92C6F
K(21) = &H4A7484AA
K(22) = &H5CB0A9DC
K(23) = &H76F988DA
K(24) = &H983E5152
K(25) = &HA831C66D
K(26) = &HB00327C8
K(27) = &HBF597FC7
K(28) = &HC6E00BF3
K(29) = &HD5A79147
K(30) = &H6CA6351
K(31) = &H14292967
K(32) = &H27B70A85
K(33) = &H2E1B2138
K(34) = &H4D2C6DFC
K(35) = &H53380D13
K(36) = &H650A7354
K(37) = &H766A0ABB
K(38) = &H81C2C92E
K(39) = &H92722C85
K(40) = &HA2BFE8A1
K(41) = &HA81A664B
K(42) = &HC24B8B70
K(43) = &HC76C51A3
K(44) = &HD192E819
K(45) = &HD6990624
K(46) = &HF40E3585
K(47) = &H106AA070
K(48) = &H19A4C116
K(49) = &H1E376C08
K(50) = &H2748774C
K(51) = &H34B0BCB5
K(52) = &H391C0CB3
K(53) = &H4ED8AA4A
K(54) = &H5B9CCA4F
K(55) = &H682E6FF3
K(56) = &H748F82EE
K(57) = &H78A5636F
K(58) = &H84C87814
K(59) = &H8CC70208
K(60) = &H90BEFFFA
K(61) = &HA4506CEB
K(62) = &HBEF9A3F7
K(63) = &HC67178F2

Private Function LShift(lValue, iShiftBits)
If iShiftBits = 0 Then
LShift = lValue
Exit Function
ElseIf iShiftBits = 31 Then
If lValue And 1 Then
LShift = &H80000000
Else
LShift = 0
End If
Exit Function
ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
Err.Raise 6
End If

If (lValue And m_l2Power(31 - iShiftBits)) Then
LShift = ((lValue And m_lOnBits(31 - (iShiftBits + 1))) * m_l2Power(iShiftBits)) Or &H80000000
Else
LShift = ((lValue And m_lOnBits(31 - iShiftBits)) * m_l2Power(iShiftBits))
End If
End Function

Private Function RShift(lValue, iShiftBits)
If iShiftBits = 0 Then
RShift = lValue
Exit Function
ElseIf iShiftBits = 31 Then
If lValue And &H80000000 Then
RShift = 1
Else
RShift = 0
End If
Exit Function
ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
Err.Raise 6
End If

RShift = (lValue And &H7FFFFFFE) \ m_l2Power(iShiftBits)

If (lValue And &H80000000) Then
RShift = (RShift Or (&H40000000 \ m_l2Power(iShiftBits - 1)))
End If
End Function

Dim lX4
Dim lY4
Dim lX8
Dim lY8
Dim lResult

lX8 = lX And &H80000000
lY8 = lY And &H80000000
lX4 = lX And &H40000000
lY4 = lY And &H40000000

lResult = (lX And &H3FFFFFFF) + (lY And &H3FFFFFFF)

If lX4 And lY4 Then
lResult = lResult Xor &H80000000 Xor lX8 Xor lY8
ElseIf lX4 Or lY4 Then
If lResult And &H40000000 Then
lResult = lResult Xor &HC0000000 Xor lX8 Xor lY8
Else
lResult = lResult Xor &H40000000 Xor lX8 Xor lY8
End If
Else
lResult = lResult Xor lX8 Xor lY8
End If

End Function

Private Function Ch(x, y, z)
Ch = ((x And y) Xor ((Not x) And z))
End Function

Private Function Maj(x, y, z)
Maj = ((x And y) Xor (x And z) Xor (y And z))
End Function

Private Function S(x, n)
S = (RShift(x, (n And m_lOnBits(4))) Or LShift(x, (32 - (n And m_lOnBits(4)))))
End Function

Private Function R(x, n)
R = RShift(x, CInt(n And m_lOnBits(4)))
End Function

Private Function Sigma0(x)
Sigma0 = (S(x, 2) Xor S(x, 13) Xor S(x, 22))
End Function

Private Function Sigma1(x)
Sigma1 = (S(x, 6) Xor S(x, 11) Xor S(x, 25))
End Function

Private Function Gamma0(x)
Gamma0 = (S(x, 7) Xor S(x, 18) Xor R(x, 3))
End Function

Private Function Gamma1(x)
Gamma1 = (S(x, 17) Xor S(x, 19) Xor R(x, 10))
End Function

Private Function ConvertToWordArray(sMessage)
Dim lMessageLength
Dim lNumberOfWords
Dim lWordArray()
Dim lBytePosition
Dim lByteCount
Dim lWordCount
Dim lByte

Const MODULUS_BITS = 512
Const CONGRUENT_BITS = 448

lMessageLength = Len(sMessage)

lNumberOfWords = (((lMessageLength + ((MODULUS_BITS - CONGRUENT_BITS) \ BITS_TO_A_BYTE)) \ (MODULUS_BITS \ BITS_TO_A_BYTE)) + 1) * (MODULUS_BITS \ BITS_TO_A_WORD)
ReDim lWordArray(lNumberOfWords - 1)

lBytePosition = 0
lByteCount = 0
Do Until lByteCount >= lMessageLength
lWordCount = lByteCount \ BYTES_TO_A_WORD

lBytePosition = (3 - (lByteCount Mod BYTES_TO_A_WORD)) * BITS_TO_A_BYTE

lByte = AscB(Mid(sMessage, lByteCount + 1, 1))

lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(lByte, lBytePosition)
lByteCount = lByteCount + 1
Loop

lWordCount = lByteCount \ BYTES_TO_A_WORD
lBytePosition = (3 - (lByteCount Mod BYTES_TO_A_WORD)) * BITS_TO_A_BYTE

lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(&H80, lBytePosition)

lWordArray(lNumberOfWords - 1) = LShift(lMessageLength, 3)
lWordArray(lNumberOfWords - 2) = RShift(lMessageLength, 29)

ConvertToWordArray = lWordArray
End Function

Public Function SHA256(sMessage)
Dim HASH(7)
Dim M
Dim W(63)
Dim a
Dim b
Dim c
Dim d
Dim e
Dim f
Dim g
Dim h
Dim i
Dim j
Dim T1
Dim T2

HASH(0) = &H6A09E667
HASH(1) = &HBB67AE85
HASH(2) = &H3C6EF372
HASH(3) = &HA54FF53A
HASH(4) = &H510E527F
HASH(5) = &H9B05688C
HASH(6) = &H1F83D9AB
HASH(7) = &H5BE0CD19

M = ConvertToWordArray(sMessage)

For i = 0 To UBound(M) Step 16
a = HASH(0)
b = HASH(1)
c = HASH(2)
d = HASH(3)
e = HASH(4)
f = HASH(5)
g = HASH(6)
h = HASH(7)

For j = 0 To 63
If j < 16 Then
W(j) = M(j + i)
Else
End If

T2 = AddUnsigned(Sigma0(a), Maj(a, b, c))

h = g
g = f
f = e
d = c
c = b
b = a
Next

Next

SHA256 = LCase(Right("00000000" & Hex(HASH(0)), 8) & Right("00000000" & Hex(HASH(1)), 8) & Right("00000000" & Hex(HASH(2)), 8) & Right("00000000" & Hex(HASH(3)), 8) & Right("00000000" & Hex(HASH(4)), 8) & Right("00000000" & Hex(HASH(5)), 8) & Right("00000000" & Hex(HASH(6)), 8) & Right("00000000" & Hex(HASH(7)), 8))
End Function

' -------------------------------------------------------------------------
' Retrieve the registration form fields and store them to local variables
' -------------------------------------------------------------------------

' -------------------------------------------------------------------------
' Open the connection
' -------------------------------------------------------------------------

'--------------------------------------------------------------------------
' Define the Connection String for the database object as the database string
'--------------------------------------------------------------------------
objConn.CursorLocation = 3
objConn.Open

'--------------------------------------------------------------------------
' Set the SQL Query
'--------------------------------------------------------------------------
strSQL = "SELECT * FROM SecureTable WHERE (UserName = '" & strLogin & "')"

'--------------------------------------------------------------------------
' Execute the query.
'--------------------------------------------------------------------------
RS.open strSQL, objConn

'--------------------------------------------------------------------------
' If there is no matching login name, or the password does not match,
' print an error to the visitor and stop the processing of this page.
'--------------------------------------------------------------------------
If RS.EOF <> FALSE Then
Response.End
End If

'Session("x") = RS("QTYLogged")

'--------------------------------------------------------------------------
' The user is validated, time to update the last login time. First close the
' old connection, now build the SQL query to insert the new record.
'--------------------------------------------------------------------------
RS.Close
'Dim x
'Dim y
'Dim z
'x = Session("x")
'y = 1
'z = x + Y
'strSQL = "UPDATE UserTable SET QTYLogged = '" & z & "' WHERE (UserName = '" & strLogin & "')"

'--------------------------------------------------------------------------
' Execute the query.
'--------------------------------------------------------------------------
'RS.open strSQL, objConn

'--------------------------------------------------------------------------
' Now redirect the user to the main page as a logged in user.
'--------------------------------------------------------------------------

Response.Redirect("default.asp")
%>
_________________________________________________________________________________

As you can see, I commented out the Update portion of the login. But you can incorporate anything you wish.

For the Add to the table:
_________________________________________________________________________________
<%
Private m_lOnBits(30)
Private m_l2Power(30)
Private K(63)

Private Const BITS_TO_A_BYTE = 8
Private Const BYTES_TO_A_WORD = 4
Private Const BITS_TO_A_WORD = 32

m_lOnBits(0) = CLng(1)
m_lOnBits(1) = CLng(3)
m_lOnBits(2) = CLng(7)
m_lOnBits(3) = CLng(15)
m_lOnBits(4) = CLng(31)
m_lOnBits(5) = CLng(63)
m_lOnBits(6) = CLng(127)
m_lOnBits(7) = CLng(255)
m_lOnBits(8) = CLng(511)
m_lOnBits(9) = CLng(1023)
m_lOnBits(10) = CLng(2047)
m_lOnBits(11) = CLng(4095)
m_lOnBits(12) = CLng(8191)
m_lOnBits(13) = CLng(16383)
m_lOnBits(14) = CLng(32767)
m_lOnBits(15) = CLng(65535)
m_lOnBits(16) = CLng(131071)
m_lOnBits(17) = CLng(262143)
m_lOnBits(18) = CLng(524287)
m_lOnBits(19) = CLng(1048575)
m_lOnBits(20) = CLng(2097151)
m_lOnBits(21) = CLng(4194303)
m_lOnBits(22) = CLng(8388607)
m_lOnBits(23) = CLng(16777215)
m_lOnBits(24) = CLng(33554431)
m_lOnBits(25) = CLng(67108863)
m_lOnBits(26) = CLng(134217727)
m_lOnBits(27) = CLng(268435455)
m_lOnBits(28) = CLng(536870911)
m_lOnBits(29) = CLng(1073741823)
m_lOnBits(30) = CLng(2147483647)

m_l2Power(0) = CLng(1)
m_l2Power(1) = CLng(2)
m_l2Power(2) = CLng(4)
m_l2Power(3) = CLng(8)
m_l2Power(4) = CLng(16)
m_l2Power(5) = CLng(32)
m_l2Power(6) = CLng(64)
m_l2Power(7) = CLng(128)
m_l2Power(8) = CLng(256)
m_l2Power(9) = CLng(512)
m_l2Power(10) = CLng(1024)
m_l2Power(11) = CLng(2048)
m_l2Power(12) = CLng(4096)
m_l2Power(13) = CLng(8192)
m_l2Power(14) = CLng(16384)
m_l2Power(15) = CLng(32768)
m_l2Power(16) = CLng(65536)
m_l2Power(17) = CLng(131072)
m_l2Power(18) = CLng(262144)
m_l2Power(19) = CLng(524288)
m_l2Power(20) = CLng(1048576)
m_l2Power(21) = CLng(2097152)
m_l2Power(22) = CLng(4194304)
m_l2Power(23) = CLng(8388608)
m_l2Power(24) = CLng(16777216)
m_l2Power(25) = CLng(33554432)
m_l2Power(26) = CLng(67108864)
m_l2Power(27) = CLng(134217728)
m_l2Power(28) = CLng(268435456)
m_l2Power(29) = CLng(536870912)
m_l2Power(30) = CLng(1073741824)

K(0) = &H428A2F98
K(1) = &H71374491
K(2) = &HB5C0FBCF
K(3) = &HE9B5DBA5
K(4) = &H3956C25B
K(5) = &H59F111F1
K(6) = &H923F82A4
K(7) = &HAB1C5ED5
K(8) = &HD807AA98
K(9) = &H12835B01
K(10) = &H243185BE
K(11) = &H550C7DC3
K(12) = &H72BE5D74
K(13) = &H80DEB1FE
K(14) = &H9BDC06A7
K(15) = &HC19BF174
K(16) = &HE49B69C1
K(17) = &HEFBE4786
K(18) = &HFC19DC6
K(19) = &H240CA1CC
K(20) = &H2DE92C6F
K(21) = &H4A7484AA
K(22) = &H5CB0A9DC
K(23) = &H76F988DA
K(24) = &H983E5152
K(25) = &HA831C66D
K(26) = &HB00327C8
K(27) = &HBF597FC7
K(28) = &HC6E00BF3
K(29) = &HD5A79147
K(30) = &H6CA6351
K(31) = &H14292967
K(32) = &H27B70A85
K(33) = &H2E1B2138
K(34) = &H4D2C6DFC
K(35) = &H53380D13
K(36) = &H650A7354
K(37) = &H766A0ABB
K(38) = &H81C2C92E
K(39) = &H92722C85
K(40) = &HA2BFE8A1
K(41) = &HA81A664B
K(42) = &HC24B8B70
K(43) = &HC76C51A3
K(44) = &HD192E819
K(45) = &HD6990624
K(46) = &HF40E3585
K(47) = &H106AA070
K(48) = &H19A4C116
K(49) = &H1E376C08
K(50) = &H2748774C
K(51) = &H34B0BCB5
K(52) = &H391C0CB3
K(53) = &H4ED8AA4A
K(54) = &H5B9CCA4F
K(55) = &H682E6FF3
K(56) = &H748F82EE
K(57) = &H78A5636F
K(58) = &H84C87814
K(59) = &H8CC70208
K(60) = &H90BEFFFA
K(61) = &HA4506CEB
K(62) = &HBEF9A3F7
K(63) = &HC67178F2

Private Function LShift(lValue, iShiftBits)
If iShiftBits = 0 Then
LShift = lValue
Exit Function
ElseIf iShiftBits = 31 Then
If lValue And 1 Then
LShift = &H80000000
Else
LShift = 0
End If
Exit Function
ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
Err.Raise 6
End If

If (lValue And m_l2Power(31 - iShiftBits)) Then
LShift = ((lValue And m_lOnBits(31 - (iShiftBits + 1))) * m_l2Power(iShiftBits)) Or &H80000000
Else
LShift = ((lValue And m_lOnBits(31 - iShiftBits)) * m_l2Power(iShiftBits))
End If
End Function

Private Function RShift(lValue, iShiftBits)
If iShiftBits = 0 Then
RShift = lValue
Exit Function
ElseIf iShiftBits = 31 Then
If lValue And &H80000000 Then
RShift = 1
Else
RShift = 0
End If
Exit Function
ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
Err.Raise 6
End If

RShift = (lValue And &H7FFFFFFE) \ m_l2Power(iShiftBits)

If (lValue And &H80000000) Then
RShift = (RShift Or (&H40000000 \ m_l2Power(iShiftBits - 1)))
End If
End Function

Dim lX4
Dim lY4
Dim lX8
Dim lY8
Dim lResult

lX8 = lX And &H80000000
lY8 = lY And &H80000000
lX4 = lX And &H40000000
lY4 = lY And &H40000000

lResult = (lX And &H3FFFFFFF) + (lY And &H3FFFFFFF)

If lX4 And lY4 Then
lResult = lResult Xor &H80000000 Xor lX8 Xor lY8
ElseIf lX4 Or lY4 Then
If lResult And &H40000000 Then
lResult = lResult Xor &HC0000000 Xor lX8 Xor lY8
Else
lResult = lResult Xor &H40000000 Xor lX8 Xor lY8
End If
Else
lResult = lResult Xor lX8 Xor lY8
End If

End Function

Private Function Ch(x, y, z)
Ch = ((x And y) Xor ((Not x) And z))
End Function

Private Function Maj(x, y, z)
Maj = ((x And y) Xor (x And z) Xor (y And z))
End Function

Private Function S(x, n)
S = (RShift(x, (n And m_lOnBits(4))) Or LShift(x, (32 - (n And m_lOnBits(4)))))
End Function

Private Function R(x, n)
R = RShift(x, CInt(n And m_lOnBits(4)))
End Function

Private Function Sigma0(x)
Sigma0 = (S(x, 2) Xor S(x, 13) Xor S(x, 22))
End Function

Private Function Sigma1(x)
Sigma1 = (S(x, 6) Xor S(x, 11) Xor S(x, 25))
End Function

Private Function Gamma0(x)
Gamma0 = (S(x, 7) Xor S(x, 18) Xor R(x, 3))
End Function

Private Function Gamma1(x)
Gamma1 = (S(x, 17) Xor S(x, 19) Xor R(x, 10))
End Function

Private Function ConvertToWordArray(sMessage)
Dim lMessageLength
Dim lNumberOfWords
Dim lWordArray()
Dim lBytePosition
Dim lByteCount
Dim lWordCount
Dim lByte

Const MODULUS_BITS = 512
Const CONGRUENT_BITS = 448

lMessageLength = Len(sMessage)

lNumberOfWords = (((lMessageLength + ((MODULUS_BITS - CONGRUENT_BITS) \ BITS_TO_A_BYTE)) \ (MODULUS_BITS \ BITS_TO_A_BYTE)) + 1) * (MODULUS_BITS \ BITS_TO_A_WORD)
ReDim lWordArray(lNumberOfWords - 1)

lBytePosition = 0
lByteCount = 0
Do Until lByteCount >= lMessageLength
lWordCount = lByteCount \ BYTES_TO_A_WORD

lBytePosition = (3 - (lByteCount Mod BYTES_TO_A_WORD)) * BITS_TO_A_BYTE

lByte = AscB(Mid(sMessage, lByteCount + 1, 1))

lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(lByte, lBytePosition)
lByteCount = lByteCount + 1
Loop

lWordCount = lByteCount \ BYTES_TO_A_WORD
lBytePosition = (3 - (lByteCount Mod BYTES_TO_A_WORD)) * BITS_TO_A_BYTE

lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(&H80, lBytePosition)

lWordArray(lNumberOfWords - 1) = LShift(lMessageLength, 3)
lWordArray(lNumberOfWords - 2) = RShift(lMessageLength, 29)

ConvertToWordArray = lWordArray
End Function

Public Function SHA256(sMessage)
Dim HASH(7)
Dim M
Dim W(63)
Dim a
Dim b
Dim c
Dim d
Dim e
Dim f
Dim g
Dim h
Dim i
Dim j
Dim T1
Dim T2

HASH(0) = &H6A09E667
HASH(1) = &HBB67AE85
HASH(2) = &H3C6EF372
HASH(3) = &HA54FF53A
HASH(4) = &H510E527F
HASH(5) = &H9B05688C
HASH(6) = &H1F83D9AB
HASH(7) = &H5BE0CD19

M = ConvertToWordArray(sMessage)

For i = 0 To UBound(M) Step 16
a = HASH(0)
b = HASH(1)
c = HASH(2)
d = HASH(3)
e = HASH(4)
f = HASH(5)
g = HASH(6)
h = HASH(7)

For j = 0 To 63
If j < 16 Then
W(j) = M(j + i)
Else
End If

T2 = AddUnsigned(Sigma0(a), Maj(a, b, c))

h = g
g = f
f = e
d = c
c = b
b = a
Next

Next

SHA256 = LCase(Right("00000000" & Hex(HASH(0)), 8) & Right("00000000" & Hex(HASH(1)), 8) & Right("00000000" & Hex(HASH(2)), 8) & Right("00000000" & Hex(HASH(3)), 8) & Right("00000000" & Hex(HASH(4)), 8) & Right("00000000" & Hex(HASH(5)), 8) & Right("00000000" & Hex(HASH(6)), 8) & Right("00000000" & Hex(HASH(7)), 8))
End Function

Dim sDigest
strLogged = "0"
' -------------------------------------------------------------------------
' Open the connection
' -------------------------------------------------------------------------

' -------------------------------------------------------------------------

'--------------------------------------------------------------------------
' Define the Connection String for the database object as the database string
'--------------------------------------------------------------------------
objConn.CursorLocation = 3
objConn.Open
'--------------------------------------------------------------------------
%>
<%

Dim strSQL

strSQL = "INSERT INTO SecureTable (UserName, md5PASS, Logged) VALUES (" _
& "'" & strUserName & "', " _
& "'" & strPassword & "', " _
& "'" & strLogged & "')"
RS.open strSQL, objConn
End Sub

'--------------------------------------------------------------------------
' Execute the query.
'--------------------------------------------------------------------------

'--------------------------------------------------------------------------
' Now redirect the user to the main page as a logged in user.
'--------------------------------------------------------------------------

Response.Redirect("default.asp")

%>
_____________________________________________________________________

The above code (all three pages) is for a secure login using the 256 Bit secure code.

Below uses the 128 MD5
_____________________________________________________________________
_____________________________________________________________________
<html>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<%
Response.IsClientConnected
%>
<body>

<table border="1" width="100%" id="table1" bordercolorlight="#000000" cellspacing="0" cellpadding="2" bordercolordark="#000000">
<tr>
<td>
<div align="center">
<table border="0" width="30%" id="table2">
<tr>
<td width="130"><font face="Verdana"><input type="text" name="txtLogin" size="20" tabindex="1"></font></td>
</tr>
<tr>
<td width="130">
<font face="Verdana">
</tr>
<tr>
<td width="129">
<p align="center">
<font face="Verdana">
<td width="130">
<font face="Verdana">
<input type="reset" value="Clear Fields" name="B2" tabindex="4"></font></td>
</tr>
</table>
</div>
</td>
</form>
</tr>
</table>
</body>
</html>
_____________________________________________________________________________________
______________________________________________________________________________________
<%

sTest = "test"

sInp = trim(request.form("md5"))

If sInp = "" Then
%>
<script language=JavaScript runat=Server>
/*
** pjMd5.js
**
** A JavaScript implementation of the RSA Data Security, Inc. MD5
** Message-Digest Algorithm.
**
** Copyright (C) Paul Johnston 1999.
*/

var sAscii=" !\"#\$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`"
var sAscii=sAscii+"abcdefghijklmnopqrstuvwxyz{|}~";
var sHex="0123456789ABCDEF";

function hex(i) {
h="";
for(j=0; j<=3; j++) {
h+=sHex.charAt((i>>(j*8+4))&0x0F)+sHex.charAt((i>>(j*8))&0x0F);
}
return h;
}
return ((x&0x7FFFFFFF)+(y&0x7FFFFFFF) )^(x&0x80000000)^(y&0x80000000);
}
function R1(A,B,C,D,X,S,T) {
return add( (q<<S)|( (q>>(32-S))&(Math.pow(2,S)-1) ), B );
}
function R2(A,B,C,D,X,S,T) {
return add( (q<<S)|( (q>>(32-S))&(Math.pow(2,S)-1) ), B );
}
function R3(A,B,C,D,X,S,T) {
return add( (q<<S)|( (q>>(32-S))&(Math.pow(2,S)-1) ), B );
}
function R4(A,B,C,D,X,S,T) {
return add( (q<<S)|( (q>>(32-S))&(Math.pow(2,S)-1) ), B );
}

function calcMD5(sInp) {

/* Calculate length in words, including padding */
wLen=(((sInp.length+8)>>6)+1)<<4;
var X = new Array(wLen);

/* Convert string to array of words */
j=4;
for (i=0; (i*4)<sInp.length; i++) {
X[i]=0;
for (j=0; j<4 && (i*4+j)<sInp.length; j++) {
X[i]+=(sAscii.indexOf(sInp.charAt((i*4)+j))+32)<<(j*8);
}
}

/* Append the 1 and 0s to make a multiple of 4 bytes */
if(j==4) { X[i++]=0x80; }
else { X[i-1]+=0x80<<(j*8); }
/* Appends 0s to make a 14+k16 words */
while ( i<wLen ) { X[i]=0; i++; }
/* Append length */
X[wLen-2]=sInp.length<<3;
/* Initialize a,b,c,d */

/* Process each 16 word block in turn */
for (i=0; i<wLen; i+=16) {
aO=a; bO=b; cO=c; dO=d;

a=R1(a,b,c,d,X[i+ 0],7 ,0xd76aa478);
d=R1(d,a,b,c,X[i+ 1],12,0xe8c7b756);
c=R1(c,d,a,b,X[i+ 2],17,0x242070db);
b=R1(b,c,d,a,X[i+ 3],22,0xc1bdceee);
a=R1(a,b,c,d,X[i+ 4],7 ,0xf57c0faf);
d=R1(d,a,b,c,X[i+ 5],12,0x4787c62a);
c=R1(c,d,a,b,X[i+ 6],17,0xa8304613);
b=R1(b,c,d,a,X[i+ 7],22,0xfd469501);
a=R1(a,b,c,d,X[i+ 8],7 ,0x698098d8);
d=R1(d,a,b,c,X[i+ 9],12,0x8b44f7af);
c=R1(c,d,a,b,X[i+10],17,0xffff5bb1);
b=R1(b,c,d,a,X[i+11],22,0x895cd7be);
a=R1(a,b,c,d,X[i+12],7 ,0x6b901122);
d=R1(d,a,b,c,X[i+13],12,0xfd987193);
c=R1(c,d,a,b,X[i+14],17,0xa679438e);
b=R1(b,c,d,a,X[i+15],22,0x49b40821);

a=R2(a,b,c,d,X[i+ 1],5 ,0xf61e2562);
d=R2(d,a,b,c,X[i+ 6],9 ,0xc040b340);
c=R2(c,d,a,b,X[i+11],14,0x265e5a51);
b=R2(b,c,d,a,X[i+ 0],20,0xe9b6c7aa);
a=R2(a,b,c,d,X[i+ 5],5 ,0xd62f105d);
d=R2(d,a,b,c,X[i+10],9 , 0x2441453);
c=R2(c,d,a,b,X[i+15],14,0xd8a1e681);
b=R2(b,c,d,a,X[i+ 4],20,0xe7d3fbc8);
a=R2(a,b,c,d,X[i+ 9],5 ,0x21e1cde6);
d=R2(d,a,b,c,X[i+14],9 ,0xc33707d6);
c=R2(c,d,a,b,X[i+ 3],14,0xf4d50d87);
b=R2(b,c,d,a,X[i+ 8],20,0x455a14ed);
a=R2(a,b,c,d,X[i+13],5 ,0xa9e3e905);
d=R2(d,a,b,c,X[i+ 2],9 ,0xfcefa3f8);
c=R2(c,d,a,b,X[i+ 7],14,0x676f02d9);
b=R2(b,c,d,a,X[i+12],20,0x8d2a4c8a);

a=R3(a,b,c,d,X[i+ 5],4 ,0xfffa3942);
d=R3(d,a,b,c,X[i+ 8],11,0x8771f681);
c=R3(c,d,a,b,X[i+11],16,0x6d9d6122);
b=R3(b,c,d,a,X[i+14],23,0xfde5380c);
a=R3(a,b,c,d,X[i+ 1],4 ,0xa4beea44);
d=R3(d,a,b,c,X[i+ 4],11,0x4bdecfa9);
c=R3(c,d,a,b,X[i+ 7],16,0xf6bb4b60);
b=R3(b,c,d,a,X[i+10],23,0xbebfbc70);
a=R3(a,b,c,d,X[i+13],4 ,0x289b7ec6);
d=R3(d,a,b,c,X[i+ 0],11,0xeaa127fa);
c=R3(c,d,a,b,X[i+ 3],16,0xd4ef3085);
b=R3(b,c,d,a,X[i+ 6],23, 0x4881d05);
a=R3(a,b,c,d,X[i+ 9],4 ,0xd9d4d039);
d=R3(d,a,b,c,X[i+12],11,0xe6db99e5);
c=R3(c,d,a,b,X[i+15],16,0x1fa27cf8);
b=R3(b,c,d,a,X[i+ 2],23,0xc4ac5665);

a=R4(a,b,c,d,X[i+ 0],6 ,0xf4292244);
d=R4(d,a,b,c,X[i+ 7],10,0x432aff97);
c=R4(c,d,a,b,X[i+14],15,0xab9423a7);
b=R4(b,c,d,a,X[i+ 5],21,0xfc93a039);
a=R4(a,b,c,d,X[i+12],6 ,0x655b59c3);
d=R4(d,a,b,c,X[i+ 3],10,0x8f0ccc92);
c=R4(c,d,a,b,X[i+10],15,0xffeff47d);
b=R4(b,c,d,a,X[i+ 1],21,0x85845dd1);
a=R4(a,b,c,d,X[i+ 8],6 ,0x6fa87e4f);
d=R4(d,a,b,c,X[i+15],10,0xfe2ce6e0);
c=R4(c,d,a,b,X[i+ 6],15,0xa3014314);
b=R4(b,c,d,a,X[i+13],21,0x4e0811a1);
a=R4(a,b,c,d,X[i+ 4],6 ,0xf7537e82);
d=R4(d,a,b,c,X[i+11],10,0xbd3af235);
b=R4(b,c,d,a,X[i+ 9],21,0xeb86d391);

}
return hex(a)+hex(b)+hex(c)+hex(d);
}

</script>
<%
else

sMD5 = calcMD5(sInp)
'response.write "MD5 Hash: " & sMD5

end if

' -------------------------------------------------------------------------
' Retrieve the registration form fields and store them to local variables
' -------------------------------------------------------------------------

' -------------------------------------------------------------------------
' Open the connection
' -------------------------------------------------------------------------

'--------------------------------------------------------------------------
' Define the Connection String for the database object as the database string
'--------------------------------------------------------------------------
objConn.CursorLocation = 3
objConn.Open

'--------------------------------------------------------------------------
' Set the SQL Query
'--------------------------------------------------------------------------
strSQL = "SELECT * FROM SecureTable WHERE (UserName = '" & strLogin & "')"

'--------------------------------------------------------------------------
' Execute the query.
'--------------------------------------------------------------------------
RS.open strSQL, objConn

'--------------------------------------------------------------------------
' If there is no matching login name, or the password does not match,
' print an error to the visitor and stop the processing of this page.
'--------------------------------------------------------------------------
If RS.EOF <> FALSE Then
Response.End
End If

'Session("x") = RS("QTYLogged")

'--------------------------------------------------------------------------
' The user is validated, time to update the last login time. First close the
' old connection, now build the SQL query to insert the new record.
'--------------------------------------------------------------------------
RS.Close
'Dim x
'Dim y
'Dim z
'x = Session("x")
'y = 1
'z = x + Y
'strSQL = "UPDATE UserTable SET QTYLogged = '" & z & "' WHERE (UserName = '" & strLogin & "')"

'--------------------------------------------------------------------------
' Execute the query.
'--------------------------------------------------------------------------
'RS.open strSQL, objConn

'--------------------------------------------------------------------------
' Now redirect the user to the main page as a logged in user.
'--------------------------------------------------------------------------

Response.Redirect("default.asp")
%>
____________________________________________________________________________________________________

That is it!! Good luck.
0

LVL 6

Expert Comment

I know it is a lot of code, but just be patient and copy each portion to a new page and save it as an ASP page.

Any questions or problems, just let me know.

Keep in mind that you can use the MD5 and 256 security algoritms for anything not just login stuff.
0

LVL 12

Assisted Solution

to answer your question, there are 8 bits in a byte so 5 chars of 8 bits each = 40 bits (5*8)

128 = 16 chars * 8 bits
you'd need 16 characters.

I will say however that cjnsocal581 makes a good point - MD5 hashes are pretty common. - it's what I use to store passwords in my DB's

0

## Featured Post

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…