• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2391
  • Last Modified:

ASP Classic and AES or MD5 Encryption with salt

Hello,

I've just registrered an account here today, hoping that some of you can help me with this problem. and a lot of searches through google always ended up here :)

I'm looking for a method to encrypt my users passwords on a website i'm developing.
I've searched through google, and haven't found anything that's useable - unfortunately
The website rossmt.net isn't working anymore. ( http://rossm.net/electronics/computers/software/ASP/ )

My current encryption method is MD5, but to make it more "secure" I would like to add a salt value which is encrypted with the MD5 Hash, which I also haven't found a way to do.

AES could also be a solution, but I haven't found a function which is asp classic supported.

Do any of you know a way of encrypting either via MD5 Hashing or AES with salt, since my webhost doesn't have the aspencrypt component installed ?

Or perhaps you can recommend an other solution for a good way of encrypting a users password.

Best regards
X
0
Xcudo
Asked:
Xcudo
  • 2
  • 2
1 Solution
 
MorcalavinCommented:
Here is a pure asp method for getting an MD5 Digest(I haven't tried it, so I don't know if it works).  It doesn't support adding a salt, but you could always just append a constant string to the end of the passwords.  Not as secure, but it should do the trick.

http://userpages.umbc.edu/~mabzug1/cs/md5/md5.asp


Usage:
MD5(message)
'or
MD5(message + someSaltConstant)  'not a true salt, but would make a dictionary attack much less likely, especially if the salt is something like "_a7Qd" or something bizarre.

Here is a list of other sites as well:
http://classicasp.aspfaq.com/components/how-do-i-handle-md5-from-asp.html
0
 
MorcalavinCommented:
I just tried the above link on my server.  It's actually much faster than I had anticipated, although may not hold up under a lot of stress.
0
 
XcudoAuthor Commented:
Thanks Morcalavin.
Do you happen to know a site where I can find a way to use AES encryption for asp classic ?

Best regards
X
0
 
SuvigyaCommented:
See if this helps..

http://www.rodsdot.com/ee/AES.asp
0
 
XcudoAuthor Commented:
Thanks alot Suvigya for this contribution for my sub question.

Best regards
X
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now