Password encryption / decryption between classic ASP and ASP.NET

Question

Password encryption / decryption between classic ASP and ASP.NET

I have 2 websites: one is written in classic asp and the other is written in ASP.NET (1.1 framework). Both applications use a login mechanism to verify user credentials based on a common database table. Passwords are still stored in a 1-way MD5 hash, which means that people need to be given a new generated password if they lose the old one. Now I want to change this and make the passwords decryptable.

I found this Rijndael code for use with classic asp: http://www.frez.co.uk/freecode.htm#rijndael

But I can not find the same solution for ASP.NET. I tried this, but it gives me different encryption and decryption results between classic asp and ASP.NET code:

        If Not String.IsNullOrEmpty(TextBox1.Text) And Not String.IsNullOrEmpty(TextBox2.Text) Then

        Dim password = TextBox1.Text
        Dim key = TextBox2.Text

        Dim keyGenerator = New Rfc2898DeriveBytes(key, 8)
        Dim r = New RijndaelManaged

        r.Mode = CipherMode.CBC
        r.Padding = PaddingMode.Zeros
        r.BlockSize = 256
        r.KeySize = 256
        r.FeedbackSize = 256

        r.IV = keyGenerator.GetBytes(CType(r.BlockSize / 8, Integer))
        r.Key = keyGenerator.GetBytes(CType(r.KeySize / 8, Integer))

        Dim transform As ICryptoTransform = r.CreateEncryptor()

        Dim encoded As Byte() = Encoding.ASCII.GetBytes(password)
        Dim target As Byte() = transform.TransformFinalBlock(encoded, 0, encoded.Length)

        TextBox3.Text = Encoding.ASCII.GetString(target)

    End If

, - iv, .

+3

cryptography asp.net asp-classic rijndaelmanaged rijndael

Stief Dirckx 05 . '09 9:14

3

Phil Fresle # , : http://www.frez.co.uk/csharp.aspx. - , , .

:

// Convert the input values to byte[] representing ASCII encoding.
// This is what the classic version does
byte[] dataToEncrypt = ASCIIEncoding.ASCII.GetBytes("Ryno");
byte[] password = ASCIIEncoding.ASCII.GetBytes("Saurus");

// Encrypt the data into an array of types
// Notice the block size is 256 bits and the initialization vector is empty.
byte[] results = Rijndael.EncryptData(
    dataToEncrypt,
    password,
    new byte[] { },  // Initialization vector
    Rijndael.BlockSize.Block256,  // Typically 128 in most implementations
    Rijndael.KeySize.Key256,
    Rijndael.EncryptionMode.ModeEBC 
);

// Convert bytes into a HEX string representation
StringBuilder hex = new StringBuilder(results.Length * 2);
foreach (byte b in results)
    hex.AppendFormat("{0:x2}", b);

// FINAL OUTPUT: This matches output of classic ASP Rijndael encryption
string hexEncodedString= hex.ToString();

128, 192 256. 128 . , 128 , , , , .

, .

Update

, 2 Gists:

ASP/VB: https://gist.github.com/ryno1234/2fc83faff281babea7f8
# ASP interop: https://gist.github.com/ryno1234/ea34415643d109974b6f

+4

Ryan Griffith 03 . '13 17:09

Since ASP classic has no built-in hash functions, you may have to port your MD5 VBScript code to your .NET language or use the generic cryptography component due to some error in your legacy code.

0

Rubens farias Nov 05 '09 at 9:21

source share

Patrick · Accepted Answer · 2009-11-06T20:05:10+0000

asp , , .net- CBC, . :

'3-Apr-2001: , / ' . '.

, .

, .net , , , . , , ... .

Password encryption / decryption between classic ASP and ASP.NET

Update

More articles: