#1
ASP Classic: SHA1 hash
This SHA1 hash function is written in JavaScript, but VBScript can call its functions. The main reason I prefer this one is it has a BSD license.
Example: Code:
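<!-- #include file = "hex_sha1_js.asp" -->
<%
' Demo: hash a fixed sample string with the JScript hex_sha1() from the
' include above, then print the input and its 40-digit hex digest.
' A single unsalted SHA-1 pass is cheap to brute-force, so treat this as a
' checksum/interoperability helper; stored passwords want a salted,
' deliberately slow scheme (PBKDF2, bcrypt, scrypt, Argon2).
Dim strPassWord, strHash
strPassWord = "abc"
strHash = hex_sha1(strPassWord)
' HTML-encode on output so the page stays well-formed and script-safe once
' the literal above is replaced by a value taken from a request.
Response.Write("<p><b>strPassWord:</b> " & Server.HTMLEncode(strPassWord) & "</p>")
Response.Write("<p><b>strHash:</b> " & Server.HTMLEncode(strHash) & "</p>")
%>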
Code:
<script language="javascript" type="text/javascript" runat="server">
/*
* A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
* in FIPS PUB 180-1
* Version 2.1a Copyright Paul Johnston 2000 - 2002.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for details.
*/
/*
 * Module-wide settings read by the conversion helpers below. Change them
 * only when the output has to match a peer that encodes differently.
 */
/* Hex digit case used by the hex_* functions: 0 = lowercase, 1 = uppercase. */
var hexcase = 0;
/* Pad character appended by the b64_* functions; "=" is the strict RFC choice. */
var b64pad = "=";
/* Bits taken from each input character: 8 for ASCII, 16 for Unicode. */
var chrsz = 8;
/*
* These are the functions you'll usually want to call
* They take string arguments and return either hex or base-64 encoded strings
*/
/*
 * SHA-1 digest of the string s as 40 hex digits (digit case follows hexcase).
 * One unsalted SHA-1 pass is cheap to brute-force: suitable for checksums and
 * interoperability, not as the stored form of a password.
 */
function hex_sha1(s)
{
  var words = str2binb(s);
  var digest = core_sha1(words, s.length * chrsz);
  return binb2hex(digest);
}
/* SHA-1 digest of the string s, base-64 encoded (padded with b64pad). */
function b64_sha1(s)
{
  var words = str2binb(s);
  var digest = core_sha1(words, s.length * chrsz);
  return binb2b64(digest);
}
/*
 * SHA-1 digest of the string s as a raw string, one character per chrsz bits
 * of digest. The result normally contains unprintable characters.
 */
function str_sha1(s)
{
  var words = str2binb(s);
  var digest = core_sha1(words, s.length * chrsz);
  return binb2str(digest);
}
/* HMAC-SHA1 of data under key, returned as hex digits (case follows hexcase). */
function hex_hmac_sha1(key, data)
{
  var mac = core_hmac_sha1(key, data);
  return binb2hex(mac);
}
/* HMAC-SHA1 of data under key, base-64 encoded (padded with b64pad). */
function b64_hmac_sha1(key, data)
{
  var mac = core_hmac_sha1(key, data);
  return binb2b64(mac);
}
/* HMAC-SHA1 of data under key as a raw string (normally unprintable). */
function str_hmac_sha1(key, data)
{
  var mac = core_hmac_sha1(key, data);
  return binb2str(mac);
}
/*
 * Self-test: hash the string "abc" and compare the result with its known
 * SHA-1 digest. Returns true when the interpreter computes it correctly.
 * The expected value is lowercase, so this only passes with hexcase = 0.
 */
function sha1_vm_test()
{
  var expected = "a9993e364706816aba3e25717850c26c9cd0d89d";
  var actual = hex_sha1("abc");
  return actual === expected;
}
/*
 * Compute SHA-1 over x, an array of big-endian 32-bit words holding len bits
 * of message. Returns the digest as an array of five 32-bit words.
 * x is modified in place: the padding and the length word are written into it.
 */
function core_sha1(x, len)
{
  /* Padding: a single 1 bit right after the message ... */
  x[len >> 5] |= 0x80 << (24 - len % 32);
  /* ... and the bit length in the last word of the final 16-word block. */
  x[((len + 64 >> 9) << 4) + 15] = len;

  var schedule = Array(80);

  /* Initial chaining values (written as signed 32-bit integers). */
  var h0 = 1732584193;
  var h1 = -271733879;
  var h2 = -1732584194;
  var h3 = 271733878;
  var h4 = -1009589776;

  var blockStart, round, temp;
  for (blockStart = 0; blockStart < x.length; blockStart += 16)
  {
    var a = h0;
    var b = h1;
    var c = h2;
    var d = h3;
    var e = h4;

    for (round = 0; round < 80; round++)
    {
      /* First 16 schedule words come from the block, the rest are derived. */
      if (round < 16)
      {
        schedule[round] = x[blockStart + round];
      }
      else
      {
        schedule[round] = rol(schedule[round - 3] ^ schedule[round - 8] ^
                              schedule[round - 14] ^ schedule[round - 16], 1);
      }

      temp = safe_add(safe_add(rol(a, 5), sha1_ft(round, b, c, d)),
                      safe_add(safe_add(e, schedule[round]), sha1_kt(round)));
      e = d;
      d = c;
      c = rol(b, 30);
      b = a;
      a = temp;
    }

    /* Fold this block's result into the running chaining values. */
    h0 = safe_add(a, h0);
    h1 = safe_add(b, h1);
    h2 = safe_add(c, h2);
    h3 = safe_add(d, h3);
    h4 = safe_add(e, h4);
  }
  return [h0, h1, h2, h3, h4];
}
/*
 * Round function for iteration t, combining the three words b, c and d:
 *   t < 20  -> choose:   (b AND c) OR ((NOT b) AND d)
 *   t < 40  -> parity:   b XOR c XOR d
 *   t < 60  -> majority: (b AND c) OR (b AND d) OR (c AND d)
 *   else    -> parity again
 */
function sha1_ft(t, b, c, d)
{
  var combined;
  if (t < 20)
  {
    combined = (b & c) | ((~b) & d);
  }
  else if (t < 40)
  {
    combined = b ^ c ^ d;
  }
  else if (t < 60)
  {
    combined = (b & c) | (b & d) | (c & d);
  }
  else
  {
    combined = b ^ c ^ d;
  }
  return combined;
}
/*
 * Additive round constant for iteration t. The four values are the SHA-1
 * constants 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC and 0xCA62C1D6, written as
 * signed 32-bit integers.
 */
function sha1_kt(t)
{
  if (t < 20) return 1518500249;
  if (t < 40) return 1859775393;
  if (t < 60) return -1894007588;
  return -899497514;
}
/*
 * HMAC-SHA1 of the string data under the string key. Returns the MAC as an
 * array of five 32-bit words.
 */
function core_hmac_sha1(key, data)
{
  var keyWords = str2binb(key);
  /* A key longer than one 16-word block is replaced by its SHA-1 digest. */
  if (keyWords.length > 16)
  {
    keyWords = core_sha1(keyWords, key.length * chrsz);
  }

  var innerPad = Array(16);
  var outerPad = Array(16);
  var k;
  for (k = 0; k < 16; k++)
  {
    /* Missing key words are undefined and XOR as zero. */
    innerPad[k] = keyWords[k] ^ 0x36363636;
    outerPad[k] = keyWords[k] ^ 0x5C5C5C5C;
  }

  /* Inner hash covers the 512-bit pad plus the message ... */
  var innerDigest = core_sha1(innerPad.concat(str2binb(data)), 512 + data.length * chrsz);
  /* ... outer hash covers the 512-bit pad plus the 160-bit inner digest. */
  return core_sha1(outerPad.concat(innerDigest), 512 + 160);
}
/*
 * Add x and y modulo 2^32, returning a signed 32-bit result. The sum is
 * built from two 16-bit halves with an explicit carry, which sidesteps
 * integer-addition bugs in some JS interpreters.
 */
function safe_add(x, y)
{
  var lowSum = (x & 0xFFFF) + (y & 0xFFFF);
  var carry = lowSum >> 16;
  var highSum = (x >> 16) + (y >> 16) + carry;
  return (highSum << 16) | (lowSum & 0xFFFF);
}
/*
 * Rotate the 32-bit value num left by cnt bits: the bits shifted out at the
 * top re-enter at the bottom.
 */
function rol(num, cnt)
{
  var wrapped = num >>> (32 - cnt);
  var shifted = num << cnt;
  return shifted | wrapped;
}
/*
 * Pack the string str into an array of big-endian 32-bit words, taking chrsz
 * bits from each character. With chrsz = 8 the high byte of any character
 * above 255 is dropped without notice, so distinct inputs can pack to the
 * same words.
 */
function str2binb(str)
{
  var words = Array();
  var charMask = (1 << chrsz) - 1;
  var totalBits = str.length * chrsz;
  var bitPos = 0;
  while (bitPos < totalBits)
  {
    var code = str.charCodeAt(bitPos / chrsz) & charMask;
    /* A word not yet written is undefined and ORs as zero. */
    words[bitPos >> 5] |= code << (32 - chrsz - bitPos % 32);
    bitPos += chrsz;
  }
  return words;
}
/*
 * Unpack an array of big-endian 32-bit words into a string, emitting one
 * character per chrsz bits.
 */
function binb2str(bin)
{
  var charMask = (1 << chrsz) - 1;
  var totalBits = bin.length * 32;
  var text = "";
  var bitPos;
  for (bitPos = 0; bitPos < totalBits; bitPos += chrsz)
  {
    var word = bin[bitPos >> 5];
    text += String.fromCharCode((word >>> (32 - chrsz - bitPos % 32)) & charMask);
  }
  return text;
}
/*
 * Render an array of big-endian 32-bit words as hex, two digits per byte.
 * Digit case follows the hexcase setting.
 */
function binb2hex(binarray)
{
  var digits = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
  var byteCount = binarray.length * 4;
  var hex = "";
  var n;
  for (n = 0; n < byteCount; n++)
  {
    var word = binarray[n >> 2];
    /* Byte 0 of each word is the most significant one. */
    var shift = (3 - n % 4) * 8;
    hex += digits.charAt((word >> (shift + 4)) & 0xF);
    hex += digits.charAt((word >> shift) & 0xF);
  }
  return hex;
}
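/*
 * Render an array of big-endian 32-bit words as base-64, padding the final
 * group with b64pad.
 */
function binb2b64(binarray)
{
  /*
   * The 64-character alphabet must contain no whitespace: a stray space
   * shifts every index from 50 upward, so any output needing "y", "z", a
   * digit, "+" or "/" comes out wrong. It is built from short pieces so that
   * line-wrapping tools cannot inject spaces into one long literal.
   */
  var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
            "abcdefghijklmnopqrstuvwxyz" +
            "0123456789+/";
  var totalBits = binarray.length * 32;
  var str = "";
  for (var i = 0; i < binarray.length * 4; i += 3)
  {
    /* Gather three bytes; reads past the end are undefined and count as 0. */
    var triplet = (((binarray[i >> 2] >> 8 * (3 - i % 4)) & 0xFF) << 16)
                | (((binarray[i + 1 >> 2] >> 8 * (3 - (i + 1) % 4)) & 0xFF) << 8)
                | ((binarray[i + 2 >> 2] >> 8 * (3 - (i + 2) % 4)) & 0xFF);
    for (var j = 0; j < 4; j++)
    {
      /* Sextets that start beyond the real data become padding. */
      if (i * 8 + j * 6 > totalBits) str += b64pad;
      else str += tab.charAt((triplet >> 6 * (3 - j)) & 0x3F);
    }
  }
  return str;
}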
</script>
#2
Thanks John...although i prefer the RC4 method as you suggested..thanks for contributing
#3
Hi There,
It is greatly appreciated that you have posted this sample code! Just one little thing to note. In the following line there are spaces that need to be removed for the code to function properly: var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx yz0123456789+/"; The 2 spaces between "x" and "y" need to be removed, otherwise the signature generated is incorrect. Just so you all know... Cheers! |
#4
Can you have two password strings?
Code:
<%@Language=VBScript%>
<%Response.Buffer = True%>
<html>
<body>
<!-- #include file = "hex_sha1_js.asp" -->
<%
' First script block: open a connection, then hash the literal "abc" and print it.
' NOTE(review): this connection is never closed in the listing; cnn is re-created in the next block.
set cnn = server.createobject("adodb.connection")
cnn.open application("dcgsOnline")
Dim strPassWord, strHash
strPassWord = "abc"
' NOTE(review): VBScript reports a call to an undefined procedure as a type mismatch, so this
' error usually means hex_sha1 was not in scope when the line ran - TODO confirm the include resolved.
' NOTE(review): strHash is not referenced again after the two Response.Write lines below.
strHash = hex_sha1(strPassWord) <----- Type mismatch: 'hex_sha1'
Response.Write("<p><b>strPassword:</b> " & strPassword & "</p>")
Response.Write("<p><b>strHash:</b> " & strHash & "</p>")
%>
<%
' Second script block: login check against the users table.
set cnn = server.createobject("adodb.connection")
cnn.open application("xxxxXXXX")
' Doubling single quotes is SQL-literal escaping, but neither value is concatenated into the
' SQL text below; the doubled form is what gets compared with the stored columns.
UserName = Replace(Trim(Request.Form("username")), "'", "''")
PassWord = Replace(Trim(Request.Form("password")), "'", "''")
' PassWord (form input) and strPassWord (the literal above) are two separate variables.
If UserName = "" OR PassWord = "" Then Response.Redirect "error.asp" <--- Is this password conflicting with the first string password?
' Reads every row of users and matches in script rather than filtering in the query.
SQL = "Select * From users"
Set RS = cnn.Execute(SQL)
While Not RS.EOF
' VBScript names are case-insensitive: username/password are the UserName/PassWord set above.
' NOTE(review): the submitted password is compared with RS("password") as-is; if that column is
' meant to hold hex_sha1 output, the input would need hashing first - TODO confirm the schema.
If username = RS("username") And password = RS("password") Then
' On a match, mark the session as authenticated and copy the user's columns into it.
Session("allow") = True
Session("clearance") = RS("Clearance")
Session("username") = RS("UserName")
Session("user_id") = RS("user_id")
Session("fname") = RS("fname")
Session("lname") = RS("lname")
Session("email") = RS("email")
Session("cala") = RS("cala")
Session("usc") = RS("usc")
Session ("cipt") = RS ("cipt")
Session ("board") = RS ("board")
Session ("tande") = RS ("tande")
Session ("foreignna") = RS ("foreignna")
' Second assignment of Session("clearance") in this branch (same column as above).
Session ("clearance") = RS ("clearance")
Level = RS("Clearance")
End If
RS.MoveNext
Wend
RS.Close
cnn.Close
Set RS = Nothing
Set cnn = Nothing
' NOTE(review): Session("allow") persists across requests, so a True left from an earlier login
' passes this test even when no row matched this time. A Level other than 3 or 4 redirects nowhere.
If Session("allow") = True Then
If Level = 3 Then Response.Redirect "index.asp"
If Level = 4 Then Response.Redirect "admin.asp"
Else
Response.Redirect "error.asp"
End If
%>
TIA, Lori |
#5
What is your question/problem?
#6
How do I declare two password types in the same script - nvarchar and string?
#7
Just call it twice
#8
How would I do that?
#9
Sorry, i misread your previous post.
Quote:
What do you mean? If you want to call different functions then create a new variable. Code:
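' Hash the same input with two of the include's output encodings:
' hex_sha1 returns 40 hex digits, str_sha1 returns the raw digest as a string.
' Declare the names that are actually assigned, so the snippet also runs
' under Option Explicit.
Dim strPassWord, strHash1, strHash2
strPassWord = "abc"
strHash1 = hex_sha1(strPassWord)
strHash2 = str_sha1(strPassWord)
' The raw digest holds arbitrary byte values, so encode everything written into the page.
Response.Write("<p><b>strPassWord:</b> " & Server.HTMLEncode(strPassWord) & "</p>")
Response.Write("<p><b>strHash1:</b> " & Server.HTMLEncode(strHash1) & "</p>")
Response.Write("<p><b>strHash2:</b> " & Server.HTMLEncode(strHash2) & "</p>")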
#10
Request Query String
I forgot to add the 'request query string'
Code:
' NOTE(review): this reads a URL parameter named "abc"; it does not assign the literal "abc".
' A password carried in the query string is recorded in server logs and browser history;
' a POST form field avoids that.
strPassWord = Request.QueryString("abc")
' NOTE(review): this looks up a URL parameter literally named "hex_sha1 strPassWord" and never
' calls hex_sha1(), so no hash is computed here - presumably why the type mismatch is gone.
strHash = Request.QueryString ("hex_sha1 strPassWord")
It seems to run flawlessly (without type mismatch errors) now.
#11
SSHA passwords - suitable for LDAP
I was looking for something to help change passwords in OpenLDAP, and the scripts above are definitely a piece to that puzzle. But, I wanted salted SHA passwords, so I made a few additions/changes to the scripts provided above, and I thought I'd share what I created yesterday.
I took the output from the page, pasted into a test user's OpenLDAP password field, and then successfully authenticated against the new password field. Enjoy! -Scott Example: Code:
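<!-- #include file = "hex_sha1_js.asp" -->
<%
' Demo: print the plain base-64 SHA-1 of a sample password, then a salted
' value in {SSHA} form built by b64_ssha() from the include above.
' b64_ssha() draws a fresh salt on every call, so the {SSHA} line differs
' from one request to the next for the same password.
Dim strPassWord, strB64
strPassWord = "abc"
strB64 = b64_sha1(strPassWord)
' Encode the password on output so the page stays well-formed and script-safe
' once the literal is replaced by a value taken from a request.
Response.Write("<p><b>strPassWord:</b> " & Server.HTMLEncode(strPassWord) & "<br>")
Response.Write("<b>sha:</b> " & strB64 & "<br>")
strB64 = b64_ssha(strPassWord)
Response.Write("{SSHA}" & strB64 & "<br></p>")
%>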
Code:
<script language="javascript" type="text/javascript" runat="server">
/*
* A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
* in FIPS PUB 180-1
* Version 2.1a Copyright Paul Johnston 2000 - 2002.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for details.
*/
/*
 * Module-wide settings read by the conversion helpers below. Change them
 * only when the output has to match a peer that encodes differently.
 */
/* Hex digit case used by the hex_* functions: 0 = lowercase, 1 = uppercase. */
var hexcase = 0;
/* Pad character appended by the b64_* functions; "=" is the strict RFC choice. */
var b64pad = "=";
/* Bits taken from each input character: 8 for ASCII, 16 for Unicode. */
var chrsz = 8;
/*
* These are the functions you'll usually want to call
* They take string arguments and return either hex or base-64 encoded strings
*/
/*
 * SHA-1 digest of the string s as an array of five 32-bit words; shared by
 * the hex/base-64/raw wrappers and by the salted helpers.
 */
function get_sha1_hash(s)
{
  var words = str2binb(s);
  var bitLength = s.length * chrsz;
  return core_sha1(words, bitLength);
}
/*
 * SHA-1 digest of the string s as 40 hex digits (digit case follows hexcase).
 * This is the unsalted form; b64_ssha() is the salted variant in this file.
 */
function hex_sha1(s)
{
  var digest = get_sha1_hash(s);
  return binb2hex(digest);
}
/* SHA-1 digest of the string s, base-64 encoded (padded with b64pad). */
function b64_sha1(s)
{
  var digest = get_sha1_hash(s);
  return binb2b64(digest);
}
/* SHA-1 digest of the string s as a raw string (normally unprintable). */
function str_sha1(s)
{
  var digest = get_sha1_hash(s);
  return binb2str(digest);
}
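/*
 * Build a salt string of d characters for b64_ssha().
 *
 * d defaults to 4 and is rounded down to a multiple of 4. A value that would
 * round down to nothing (or is not a number) is raised to 4, because an empty
 * salt would silently turn the salted hash into an unsalted one.
 *
 * The salt is the leading d characters of the raw SHA-1 of "0" + Math.random(),
 * so it may contain unprintable characters and is at most one digest long
 * (20 characters with chrsz = 8).
 *
 * NOTE: Math.random() is not a cryptographic generator and hashing its output
 * adds no entropy. A salt mainly has to be unique per password; where the
 * host offers a cryptographically secure random source, draw the salt from that.
 */
function create_random_salt(d)
{
  if (typeof d == "undefined")
  {
    d = 4;
  }
  /* Round down to a multiple of 4 (a no-op when d already is one). */
  d -= d % 4;
  if (!(d >= 4))
  {
    d = 4;
  }
  /* Declared with var so the intermediate value does not leak into a global. */
  var rawDigest = binb2str(get_sha1_hash("0" + Math.random()));
  return rawDigest.substring(0, d);
}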
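/*
 * Salted SHA-1 of the password s, in the layout that follows an "{SSHA}"
 * prefix: base64( SHA1(s + salt) + salt ), with a fresh salt from
 * create_random_salt() on every call.
 *
 * Assumes chrsz = 8, so that the raw digest and salt survive the
 * binb2str/str2binb round trip one byte per character. With that setting
 * str2binb drops the high byte of characters above 255, so such passwords
 * are hashed in truncated form.
 *
 * This is still a single fast SHA-1 pass: the salt defeats precomputed
 * tables but not per-hash guessing.
 */
function b64_ssha(s)
{
  /*
   * Every intermediate is a declared local, so the password-plus-salt string
   * is not left behind in a global after the call returns.
   */
  var salt = create_random_salt();
  var rawDigest = binb2str(get_sha1_hash(s + salt));
  return binb2b64(str2binb(rawDigest + salt));
}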
/* HMAC-SHA1 of data under key, returned as hex digits (case follows hexcase). */
function hex_hmac_sha1(key, data)
{
  var mac = core_hmac_sha1(key, data);
  return binb2hex(mac);
}
/* HMAC-SHA1 of data under key, base-64 encoded (padded with b64pad). */
function b64_hmac_sha1(key, data)
{
  var mac = core_hmac_sha1(key, data);
  return binb2b64(mac);
}
/* HMAC-SHA1 of data under key as a raw string (normally unprintable). */
function str_hmac_sha1(key, data)
{
  var mac = core_hmac_sha1(key, data);
  return binb2str(mac);
}
/*
 * Self-test: hash the string "abc" and compare the result with its known
 * SHA-1 digest. Returns true when the interpreter computes it correctly.
 * The expected value is lowercase, so this only passes with hexcase = 0.
 */
function sha1_vm_test()
{
  var expected = "a9993e364706816aba3e25717850c26c9cd0d89d";
  var actual = hex_sha1("abc");
  return actual === expected;
}
/*
 * Compute SHA-1 over x, an array of big-endian 32-bit words holding len bits
 * of message. Returns the digest as an array of five 32-bit words.
 * x is modified in place: the padding and the length word are written into it.
 */
function core_sha1(x, len)
{
  /* Padding: a single 1 bit right after the message ... */
  x[len >> 5] |= 0x80 << (24 - len % 32);
  /* ... and the bit length in the last word of the final 16-word block. */
  x[((len + 64 >> 9) << 4) + 15] = len;

  var schedule = Array(80);

  /* Initial chaining values (written as signed 32-bit integers). */
  var h0 = 1732584193;
  var h1 = -271733879;
  var h2 = -1732584194;
  var h3 = 271733878;
  var h4 = -1009589776;

  var blockStart, round, temp;
  for (blockStart = 0; blockStart < x.length; blockStart += 16)
  {
    var a = h0;
    var b = h1;
    var c = h2;
    var d = h3;
    var e = h4;

    for (round = 0; round < 80; round++)
    {
      /* First 16 schedule words come from the block, the rest are derived. */
      if (round < 16)
      {
        schedule[round] = x[blockStart + round];
      }
      else
      {
        schedule[round] = rol(schedule[round - 3] ^ schedule[round - 8] ^
                              schedule[round - 14] ^ schedule[round - 16], 1);
      }

      temp = safe_add(safe_add(rol(a, 5), sha1_ft(round, b, c, d)),
                      safe_add(safe_add(e, schedule[round]), sha1_kt(round)));
      e = d;
      d = c;
      c = rol(b, 30);
      b = a;
      a = temp;
    }

    /* Fold this block's result into the running chaining values. */
    h0 = safe_add(a, h0);
    h1 = safe_add(b, h1);
    h2 = safe_add(c, h2);
    h3 = safe_add(d, h3);
    h4 = safe_add(e, h4);
  }
  return [h0, h1, h2, h3, h4];
}
/*
 * Round function for iteration t, combining the three words b, c and d:
 *   t < 20  -> choose:   (b AND c) OR ((NOT b) AND d)
 *   t < 40  -> parity:   b XOR c XOR d
 *   t < 60  -> majority: (b AND c) OR (b AND d) OR (c AND d)
 *   else    -> parity again
 */
function sha1_ft(t, b, c, d)
{
  var combined;
  if (t < 20)
  {
    combined = (b & c) | ((~b) & d);
  }
  else if (t < 40)
  {
    combined = b ^ c ^ d;
  }
  else if (t < 60)
  {
    combined = (b & c) | (b & d) | (c & d);
  }
  else
  {
    combined = b ^ c ^ d;
  }
  return combined;
}
/*
 * Additive round constant for iteration t. The four values are the SHA-1
 * constants 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC and 0xCA62C1D6, written as
 * signed 32-bit integers.
 */
function sha1_kt(t)
{
  if (t < 20) return 1518500249;
  if (t < 40) return 1859775393;
  if (t < 60) return -1894007588;
  return -899497514;
}
/*
 * HMAC-SHA1 of the string data under the string key. Returns the MAC as an
 * array of five 32-bit words.
 */
function core_hmac_sha1(key, data)
{
  var keyWords = str2binb(key);
  /* A key longer than one 16-word block is replaced by its SHA-1 digest. */
  if (keyWords.length > 16)
  {
    keyWords = core_sha1(keyWords, key.length * chrsz);
  }

  var innerPad = Array(16);
  var outerPad = Array(16);
  var k;
  for (k = 0; k < 16; k++)
  {
    /* Missing key words are undefined and XOR as zero. */
    innerPad[k] = keyWords[k] ^ 0x36363636;
    outerPad[k] = keyWords[k] ^ 0x5C5C5C5C;
  }

  /* Inner hash covers the 512-bit pad plus the message ... */
  var innerDigest = core_sha1(innerPad.concat(str2binb(data)), 512 + data.length * chrsz);
  /* ... outer hash covers the 512-bit pad plus the 160-bit inner digest. */
  return core_sha1(outerPad.concat(innerDigest), 512 + 160);
}
/*
 * Add x and y modulo 2^32, returning a signed 32-bit result. The sum is
 * built from two 16-bit halves with an explicit carry, which sidesteps
 * integer-addition bugs in some JS interpreters.
 */
function safe_add(x, y)
{
  var lowSum = (x & 0xFFFF) + (y & 0xFFFF);
  var carry = lowSum >> 16;
  var highSum = (x >> 16) + (y >> 16) + carry;
  return (highSum << 16) | (lowSum & 0xFFFF);
}
/*
 * Rotate the 32-bit value num left by cnt bits: the bits shifted out at the
 * top re-enter at the bottom.
 */
function rol(num, cnt)
{
  var wrapped = num >>> (32 - cnt);
  var shifted = num << cnt;
  return shifted | wrapped;
}
/*
 * Pack the string str into an array of big-endian 32-bit words, taking chrsz
 * bits from each character. With chrsz = 8 the high byte of any character
 * above 255 is dropped without notice, so distinct inputs can pack to the
 * same words.
 */
function str2binb(str)
{
  var words = Array();
  var charMask = (1 << chrsz) - 1;
  var totalBits = str.length * chrsz;
  var bitPos = 0;
  while (bitPos < totalBits)
  {
    var code = str.charCodeAt(bitPos / chrsz) & charMask;
    /* A word not yet written is undefined and ORs as zero. */
    words[bitPos >> 5] |= code << (32 - chrsz - bitPos % 32);
    bitPos += chrsz;
  }
  return words;
}
/*
 * Unpack an array of big-endian 32-bit words into a string, emitting one
 * character per chrsz bits.
 */
function binb2str(bin)
{
  var charMask = (1 << chrsz) - 1;
  var totalBits = bin.length * 32;
  var text = "";
  var bitPos;
  for (bitPos = 0; bitPos < totalBits; bitPos += chrsz)
  {
    var word = bin[bitPos >> 5];
    text += String.fromCharCode((word >>> (32 - chrsz - bitPos % 32)) & charMask);
  }
  return text;
}
/*
 * Render an array of big-endian 32-bit words as hex, two digits per byte.
 * Digit case follows the hexcase setting.
 */
function binb2hex(binarray)
{
  var digits = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
  var byteCount = binarray.length * 4;
  var hex = "";
  var n;
  for (n = 0; n < byteCount; n++)
  {
    var word = binarray[n >> 2];
    /* Byte 0 of each word is the most significant one. */
    var shift = (3 - n % 4) * 8;
    hex += digits.charAt((word >> (shift + 4)) & 0xF);
    hex += digits.charAt((word >> shift) & 0xF);
  }
  return hex;
}
/*
 * Render an array of big-endian 32-bit words as base-64, padding the final
 * group with b64pad.
 */
function binb2b64(binarray)
{
  /* Kept as three short pieces so a forum cannot inject spaces into the alphabet. */
  var alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"+
                 "abcdefghijklmnopqrstuvwxyz"+
                 "0123456789+/";
  var totalBits = binarray.length * 32;
  var encoded = "";
  var byteIdx, sextet;
  for (byteIdx = 0; byteIdx < binarray.length * 4; byteIdx += 3)
  {
    /* Gather three bytes; reads past the end are undefined and count as 0. */
    var first = (binarray[byteIdx >> 2] >> 8 * (3 - byteIdx % 4)) & 0xFF;
    var second = (binarray[byteIdx + 1 >> 2] >> 8 * (3 - (byteIdx + 1) % 4)) & 0xFF;
    var third = (binarray[byteIdx + 2 >> 2] >> 8 * (3 - (byteIdx + 2) % 4)) & 0xFF;
    var triplet = (first << 16) | (second << 8) | third;
    for (sextet = 0; sextet < 4; sextet++)
    {
      /* Sextets that start beyond the real data become padding. */
      if (byteIdx * 8 + sextet * 6 > totalBits)
      {
        encoded += b64pad;
      }
      else
      {
        encoded += alphabet.charAt((triplet >> 6 * (3 - sextet)) & 0x3F);
      }
    }
  }
  return encoded;
}
</script>