Is there a way to hashed a password using BCrypt in classic ASP?

Question

Is there a way to hashed a password using BCrypt in classic ASP?

I have an older site running on classic ASP. I want to start password hashing, as they store plain text on the server right now. I used BCrypt hashing with PHP on a separate site and was hoping to find something similar for classic ASP.

Side question: I have a library that works with PHP on a classic ASP site. Can I run a PHP password hashing solution or would it be poorly informed?

+4

security passwords bcrypt hash asp-classic

patrick smith Feb 11 '14 at 19:46

source share

4 answers

Kenny , .NET SHA512Managed, , . zapped .

Function Hash(stringToHash, salt)

    const SITE_WIDE_SALT = "THIS IS A SITE WIDE SALT, BUT COULD BE A GUID"

    dim objUnicode : set objUnicode = CreateObject("System.Text.UnicodeEncoding")
    dim objSHA512 : set objSHA512 = Server.CreateObject("System.Security.Cryptography.SHA512Managed")

    dim saltedString : saltedString = SITE_WIDE_SALT & stringToHash & salt
    dim arrByte : arrByte = objUnicode.GetBytes_4(saltedString)
    dim strHash : strHash = objSHA512.ComputeHash_2((arrByte))

    Hash = ToBase64String(strHash)

    set objUnicode = nothing
    set objSHA512 = nothing
End Function


' Helper method for function SHA512Hash
Function ToBase64String(rabyt)

    'Ref: http://stackoverflow.com/questions/1118947/converting-binary-file-to-base64-string
    dim xml : set xml = CreateObject("MSXML2.DOMDocument.3.0")
    xml.loadXml "<Root></Root>"
    xml.documentElement.dataType = "bin.base64"
    xml.documentElement.nodeTypedValue = rabyt

    ToBase64String = Replace(xml.documentElement.Text, vbLf, "")

    set xml = nothing
End Function

, Hash .

dim hashedPassword
hashedPassword = Hash(password, "some random salt value")

+3

Keith 01 . '15 19:28

, BCrypt.Net ASP.

, .NET ASP-.

, BCrypt.Net, COM- BCrypt.Net, ASP- :

Dim objBCrypt
Set objBCrypt = CreateObject("BCryptComInterface")

Dim strHash
Set strHash = objBCrypt.HashPassword(the_password_to_be_hashed)

, BCrypt BCrypt.Net.BCrypt HashPassword; , HashPassword COM .NET, . [ HashPassword_2 HashPassword_3. . SO .net - COM- (CCW) - IDispatch (_2, _3, ..) .]

, , .

+2

Kenny Evitt 09 . '14 13:56

source share

I created a COM DLL that allows you to use Bcrypt in Classic ASP:

https://github.com/as08/ClassicASP.Bcrypt

I also created a similar COM DLL for Argon2 and PBKDF2:

https://github.com/as08/ClassicASP.Argon2

https://github.com/as08/ClassicASP.PBKDF2

Installation instructions and code examples are available on GitHub

0

Adam Jan 31 '19 at 19:24

source share

Paul · Accepted Answer · 2014-02-12T19:50:32+0000

OP , OP ( : bcrypt).

, ASP, , lbiraries.

, , sha1, http://forums.aspfree.com/code-bank-54/asp-classic-sha1-hash-82166.html ( ), - -.

<%
    Dim strPassWord, strHash, salt
    salt = "6XBMkpz39m8RFCpwt1Cofzbg1TTIN7yTGzMlayIfy9yBOPgX2zhfXM9X5mqv8HT6"
    strPassWord = "secret"
    strHash = hex_sha1(strPassWord & salt)

    Response.Write("<p><b>strPassWord:</b> " & strPassWord & "</p>")
    Response.Write("<p><b>strHash:</b> " & strHash & "</p>")
%>

#, Javascript, Python .. , - - ASP - , .

Is there a way to hashed a password using BCrypt in classic ASP?

More articles: