Mark Voss

Encrypting usernames and passwords

Encrypting usernames and passwords

Using md5 and sha1 hash functions

If you’re using a login script on your site you probably store usernames and passwords in a database for authenticating the login. For security reasons, you should never store these as plain text but should encrypt them with a one-way hash function such as md5 or sha1. As neither of these funtions are included with ASP, you’ll need to download and unzip the hash function you want to use and upload it to your webspace.

To use the functions, include one of the files in the pages you want to use hashing with.

<!--#include file="md5.asp"--> or <!--#include file="sha1.asp"-->

Then you simply call the function with either: <pre> <% MD5(“string”) or SHA1(“string”) %> </pre> For example, if you wanted to encrypt a Username and Password on a signup form, you would collect the Username and Password from the submitted form, hash them and then insert the hashed values into your database.

strHashedUsername = MD5(Request.Form("Username"))
strHashedPassword = MD5(Request.Form("Password"))

To authenticate a user who is attempting to sign in, Hash the username and Password from the form and compare these with the strHashedUsername and strHashedPassword stored in your database.

If a user forgets their password you’ll need to generate a new, pseudo-random password for the user as hashing is one-way can’t be unencrypted.


Leave a Reply

Your email address will not be published. Required fields are marked *