Saving password as an encrypted string

Neil G Jarman wrote on 25 apr 2006 in
microsoft.public.inetserver.asp.general:

I would like to save my user's passwords as an encrypted sting.

Are their built in functions for doing this?

It's not financial data or anything, just to keep away prying eyes.

Prying eyes on the server?

That is not usefull, since anyone having access to the server can insert a
password bypassing backdoor.

Perhaps Rot13 will be enough?

Function ROT13(szInput)
txt = ""
coding =
"ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMabcdefghij klmnopqrstuvwxyzabcdefghi
jklm"
For i = 1 To Len(szInput)
character = Mid(szInput, i, 1)
position = InStr(coding, character)
If position > 0 Then character = Mid(coding, position + 13, 1)
txt = txt & character
Next
ROT13 = txt
End Function
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...

Neil G Jarman wrote on 25 apr 2006 in
microsoft.public.inetserver.asp.general:

I would like to save my user's passwords as an encrypted sting.

Are their built in functions for doing this?

It's not financial data or anything, just to keep away prying eyes.

Prying eyes on the server?

That is not usefull, since anyone having access to the server can insert a
password bypassing backdoor.

Perhaps Rot13 will be enough?

Function ROT13(szInput)
txt = ""
coding =
"ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMabcdefghij klmnopqrstuvwxyzabcdefghi
jklm"
For i = 1 To Len(szInput)
character = Mid(szInput, i, 1)
position = InStr(coding, character)
If position > 0 Then character = Mid(coding, position + 13, 1)
txt = txt & character
Next
ROT13 = txt
End Function
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Hi Evertjan,

Thanks for the code - yes that's probably enough.

My ony concern is that staff who have access to Enterprise Manager cold look
up the passwords of senoir managers. Best to keep them obscure.

Cheers,

NEIL

Neil G Jarman wrote:

Thanks for the code - yes that's probably enough.

My ony concern is that staff who have access to Enterprise Manager
cold look up the passwords of senoir managers. Best to keep them
obscure.

If that is your concern, then take the correct approach -- store hashed
values, not passwords. When authenticating, compared hashed inputs to the
stored hashed values.
http://en.wikipedia.org/wiki/Hashing

Here is one way to do this: http://www.codeproject.com/database/xp_md5.asp

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

I wrote:

If that is your concern, then take the correct approach -- store
hashed values, not passwords. When authenticating, compared hashed
inputs to the stored hashed values.
http://en.wikipedia.org/wiki/Hashing

Here is one way to do this:
http://www.codeproject.com/database/xp_md5.asp

Also, if you are using SQL Server 2005, you can use the native HashBytes
function: http://msdn2.microsoft.com/en-us/lib...5(SQL.90).aspx

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

Snitz forums use sha256. I think its similar to the hash method
mentioned above. google search:
http://www.google.com/search?q=sha25...en-US:official