you could do a series of replaces when a password is entered so that it converts say, "password" to "wnggtcrs" as in replace p with w, a with n, s with g... that kind of thing. That would mean that the database would contain only nonsense passwords that someone who couldnt see the asp replace code wouldn't have the real password.
Something like this would do you:
var passwordvariable
passwordvariable = request.form("passwordfield")
passwordvariable = Replace(passwordvariable, "a", "b")
the above would replace all a's in the password with b's...
It would mean you would have to do a replace line of code for every single valid character... but the chances of breaking a replacement cypher on something as short as a password is fairly low.
You could add another level (no idea what the syntax would be, or if it is even possible - suggestions anyone) and basically have a different replacement cypher depending on the number of characters in the password, which would make it harder again if someone gt their hands on your database.
As for an encrypt using matrices, it would be a matter of creating a number of variables (dependant on the number of characters in the pw), assign the letters of the pw to those variables after converting them to number form, and then doing the whole matrix multiplication thing which i for the life of me can't remember. The you'd have a problem with getting the numbers to string together one after another instead of just adding up, though it is possible.
regardless of what type ou wanted to use if any you would just have the post-cypher password in your database. again, that assumes that you're just wanting to stop people from getting login details from looking at the db... if they could see the asp it'd just take them a few minutes to track down and determine a replace cypher. On the other hand, even if someone had the matrix cypher, they'd have to recognise the code as a vb version of a matrix, then work out the reverse cypher. Even then i they could only see one of the asp or db, it'd be no help to them.
I hope that at least gave you some ideas. Anything more complex than that and you'd probably need to spend more time than was worth it considering the cost of buying an encryption. That's probably the case for the matrix cypher, because that's as complex as hell, and its liekly that that is the kind of cypher that you'd be paying for with aspEncrypt, considering most (ass cover, cos there may be something new i don't know of) modern cyphers are matrix cyphers.
oh, and you'd have to do the replace when doing anything with the password, whether it be validating or creating it...
Edited by ub3rl337ch3ch - 16 March 2005 at 1:08am
Topic Options
Post Options
Thanks(0)
