August 8, 2004 at 8:02 am
Hi
I would like to know about storing registered users' passwords as a hash rather than as plain text. I am not talking about SQL Server logins. I am talking about storing usernames and passwords of registered visitors to a site and storing their passwords in a column in a table.
August 9, 2004 at 1:39 am
I do something similar using a web CMS and a built-in DES encryption algorithm.
A consideration is whether or not you need to recover the passwords in a human readable format such as for a "forgotten" password facility.
If you don't, then all you need to do is write code that checks the stored encrypted password with the encrypted version of what the user has just entered.
I tend to put password and encryption stuff into a DLL but that DLL can retrieve the seed string that is used as the private key for the password. Only the DLL has access to that particular string.
August 9, 2004 at 2:50 am
Thanks David... In this application I don't need to deal with a human readable format. Would you make the detail of what you do available so that I can give it a try?
What I have gleaned is that using the pwdencrypt and pwdcompare functions in SQL Server is fraught with danger because MS changes the algorithm with service packs and some writers have reported that their db is unusable to their users once they have installed the service packs.
August 9, 2004 at 4:12 am
The particular routine was in-built into the CMS, but here is something similar that we used as the base to a VB solution:
Attribute VB_Name = "mEncryption"
Option Explicit

Private sbox(255)
Private key(255)
Const encyptPassword = "T4spxvYz375mg86b15L"

Private Sub RC4Initialize(ByVal strPwd As Variant)
    '
    ' Description:- This routine is called by the EnDeCrypt function. Initializes
    '               both the sbox and the key arrays
    '
    ' Arguments:-
    '   strPwd = Password key
    '
    Dim tempSwap
    Dim intLength
    Dim a
    Dim b

    intLength = Len(strPwd)
    ' Repeat the key across 256 bytes and fill sbox with 0..255
    For a = 0 To 255
        key(a) = Asc(Mid(strPwd, (a Mod intLength) + 1, 1))
        sbox(a) = a
    Next

    ' Key scheduling: shuffle sbox under control of the key
    b = 0
    For a = 0 To 255
        b = (b + sbox(a) + key(a)) Mod 256
        tempSwap = sbox(a)
        sbox(a) = sbox(b)
        sbox(b) = tempSwap
    Next
End Sub

Public Function EnDeCrypt(ByRef plaintxt As Variant) As Variant
    '
    ' Description:- This routine does all the work. Call it both to ENcrypt
    '               and to DEcrypt your data.
    '
    ' Arguments:-
    '   plaintxt = The supplied string to be either encrypted or decrypted
    '
    Dim temp
    Dim a
    Dim i
    Dim j
    Dim k
    Dim cipherby
    Dim cipher

    i = 0
    j = 0
    RC4Initialize encyptPassword

    ' Generate one keystream byte per character and XOR it with the input
    For a = 1 To Len(plaintxt)
        i = (i + 1) Mod 256
        j = (j + sbox(i)) Mod 256
        temp = sbox(i)
        sbox(i) = sbox(j)
        sbox(j) = temp
        k = sbox((sbox(i) + sbox(j)) Mod 256)
        cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
        cipher = cipher & Chr(cipherby)
    Next

    EnDeCrypt = cipher
End Function
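
Added example, not part of the original thread or the poster's code: the question asks for a one-way hash, while the routine above is RC4 under a key fixed in the module, so the stored value can be decrypted and is identical for identical passwords. The Python below ports that routine and sets it beside a salted PBKDF2 hash with constant-time verification. `FIXED_KEY`, `ITERATIONS`, the `iterations$salt$hash` storage format and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

FIXED_KEY = b"constructed-demo-key"  # constructed stand-in for a hard-coded module key
ITERATIONS = 600_000                 # assumed work factor; tune to your hardware


def rc4(key: bytes, data: bytes) -> bytes:
    """Same algorithm as RC4Initialize/EnDeCrypt above: one call encrypts or decrypts."""
    sbox = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + sbox[i] + key[i % len(key)]) % 256
        sbox[i], sbox[j] = sbox[j], sbox[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + sbox[i]) % 256
        sbox[i], sbox[j] = sbox[j], sbox[i]
        out.append(byte ^ sbox[(sbox[i] + sbox[j]) % 256])
    return bytes(out)


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex' for storage in a single column."""
    salt = os.urandom(16)                     # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    pw = "correct horse"                      # constructed sample password
    enc_a, enc_b = rc4(FIXED_KEY, pw.encode()), rc4(FIXED_KEY, pw.encode())
    print("fixed-key RC4 identical for same password:", enc_a == enc_b)
    print("fixed-key RC4 reversible:", rc4(FIXED_KEY, enc_a).decode() == pw)
    rec_a, rec_b = hash_password(pw), hash_password(pw)
    print("salted hashes differ:", rec_a != rec_b)
    print("verify ok / wrong:", verify_password(pw, rec_a), verify_password("guess", rec_a))
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating existing rows.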