Introduction
Do you have a website where users need to
login, and when they do you compare the password they enter with a
column in a usertable? Some people do logins like this. It's easy to program
and it works just fine. But what if someone got hold of the usertable and all
the passwords of everyone? You may want to hide or encrypt the passwords in
the usertable. Many programming languages have functions to do this. I make
ASP-webpages, and I haven't found any quick functions to do this. There are
plenty of components to do this, some free of charge even. But what if you
cant install components on the webserver
Here is a short and neat way to encrypt your
users passwords. You need two strings for it to work. Typically the username
and the password.
Code
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
If t>598.8 Then t = 598.8
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
If you want to test this function you can
create an asp-page and upload it to your website. Here's my codelisting to
encrypt.asp
<%
Function encrypt(x1, x2)
s = ""
t = 0
For i = 1 to len(x1)
t = t + asc(mid(x1,i,1))
Next
For i = 1 to len(x2)
y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
s = s & chr(y)
Next
For i = (len(x2) + 1) to 10
If t>598.8 Then t = 598.8
y = t^3*i mod 255
s = s & chr(y)
Next
encrypt = s
End Function
%>
<html>
<head>
<title>Encrypt</title>
</head>
<body>
<% If request.form("name") = "" Then %>
<form action="encrypt.asp" method="post">
<input type="text" name="name"><input type="text" name="pass">
<input type="submit">
</form>
<% Else %>
<% response.write encrypt(request.form("name"),request.form("pass")) %>
<% End If %>
</body>
</html>
Remarks
- The function is not reversible, so there is
no way to take the result and reverse it into the password. You will need to
recreate the password with a new one (some users seem to forget their
passwords and always wants it retreieved)
- This is not a high-level encryption, but
its good enough to hide it from lame hackers (hehe).
- The password is always sent from the user
inputpage to the page encrypting it. Somewhere in between a hacker can fetch
it. Secure zones (SSL) can remedy this.
- Feel free to use the code to whatever you
like. But if you alter it make a post in the thread related to this article so
we all can share the fun.