?
Solved

3DES encryption for single sign on (sso) in ASP

Posted on 2011-10-27
13
Medium Priority
?
2,317 Views
Last Modified: 2013-11-25
I want to Use 3DES encryption (168 bit) for single sign on (sso) in classic ASP. I require an function or script which encrypt / decryption the user string through 3DES.
0
Comment
Question by:Vivek Agarwal
  • 6
  • 4
10 Comments
 
LVL 35

Expert Comment

by:Slick812
ID: 37060215
greetings vivek2575, I am posting here mostly because no one else has a comment yet.
Are you still HERE ? ?

I must ask you, Why you want to use the old and out dated triple DES ? ?  You should be using a slightly more upto date encryption like AES, Twofish or Serpent encryption. Why triple DES when you can use faster more secure encryption ? ?

you might look at these -
http://www.rodsdot.com/asp/AES-Encryption-Using-ASP.asp

and

http://blog.ryeol.com/6

for some AES encryption stuff, I have not used them, but it's a place to start
0
 

Author Comment

by:Vivek Agarwal
ID: 37060855
Thanks for Suggestion Slick812,

Using triple DES is client requirement, they provide us encrypted UID string using 3DES.

The UID(user credentials) passed by Client will be encrypted using 3DES in CBC mode with PKCS5 padding. Three keys and Initialization vector will be provided by Client before implementation.
we must decrypt that UID to get user sign on credentials. then we verify the user credentials from our database and allow website access to user.  

I require a function for decrypt 3DES like function giving for AEC in your first link (asplibrary.asp)    

Hope you understand my point.
0
 
LVL 35

Expert Comment

by:Slick812
ID: 37063144
Yes , I understand, , sorry but I do not know of any triple DES for you to use. I do have some experience in trying to match encryption methods from different sources, since you have a specific triple DES that encrypts the user sign on credentials, it is Best if you use the exact same method (software) to decrypt as is used to encrypt them. You have a spec that describes the encryption as "3DES in CBC mode with PKCS5 padding", however not all encryption with those same specs will have identical input and output, that works in two separately created software packages because of subtle differences in development. If you can you should try and use the encryption package that they use to encrypt it. Or ask the developers what others are using to decrypt their user credentials. As I have said, they really should consider updating their encryption to a more recent and secure method, the triple DES uses only an 8 byte block for encryption, usually not a big challenge for todays cryptographers.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:Vivek Agarwal
ID: 37064069
when UID not decrypt properly then we will contact client for his encryption software details but I think this problem will not arise. Similer work for MD5 decryption work done successfully in previous assignment.
0
 
LVL 35

Expert Comment

by:Slick812
ID: 37064233
OK, you might do a web search engine for classic ASP and triple DES, seems like there would be something you could use, I just would not ever consider using triple DES at this point in time. MD5 is very much more common to use than triple DES, so many developers test their MD5 with other MD5 programs, many encryption developers never test their products except with their own builds.
0
 

Author Comment

by:Vivek Agarwal
ID: 37065424
Actually I have 3DES encryption problem solution in DotNet which supports cryptography class, but I am less interested to use dll.
Some times permission issues arise in ASP, thats why I am searching 3DES function in vbscript.
0
 
LVL 35

Expert Comment

by:Slick812
ID: 37069962
good luck with finding a solution, I would guess that if an expert here has anything they would have posted something by now, so you might want to consider using the  dll?
signing off on this one.
0
 

Author Comment

by:Vivek Agarwal
ID: 37070630
I will wait for one more day for 3DES function.
0
 

Accepted Solution

by:
Vivek Agarwal earned 0 total points
ID: 37086612
0
 

Author Closing Comment

by:Vivek Agarwal
ID: 37105906
not extact but near to my requirement solution.
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question