View Full Version : a hashing function you would recommend

11-06-2003, 11:53 AM

I was wondering if someone is using a hashing function that he would recommend. I wouldn't dream of writing my own at my level of knowledge but I would need one before populating my DB in order to avoid problems like re-recording all data when starting to use a hashing function after that the DB has already started to be populated. I've performed a search on CF about this topic but I can't find such an advice; PHP is obvioulsy more "user-friendly" in terms of writing hashing function but since I'm using ASP that obviously won't make it...

So I'll formulate my question like this:

-Do you (you or someone you know) use a hashing function that you're happy with? I'm probably going to get one on hotscripts.com but if you have one to recommend... Just let me know...

thanx for any advices

11-06-2003, 02:11 PM
If you want to try to attack it yourself here is a good explaination in ASP


11-06-2003, 02:15 PM
mmmh... very cool article... nice reading. Thanx a lot A1ien51 :)

11-06-2003, 03:33 PM
I'm using the MD5-function from this site: http://www.frez.co.uk/freecode.htm#md5

There is also a SHA256-function on that site but I haven't tried it so I can't say if it's good or not.

11-06-2003, 06:26 PM
thanx a lot Caffeine :thumbsup: very interesting code to look at... If you're using it I guess you're satified with it since you don't give comments on any downside that this code could have. Any more propositions are still welcome :)

11-06-2003, 06:28 PM
Never usded one in ASP.

I would vote sha2, since md5 seems to be compromised. If you later would want to apply for VISA-transactions, then you can't use md5. Probably a bit accademic but you might as well choose a function that wount limit you further down the road.

Also search the MySQL forum for sha2. I've posted some thoughts on it there.
Hashings real power is that you can be sure that the content wasn't intercepted and altered during transport, but hashing passwords doesn't realy provide much extra security, unless you apply a 'secret' userspecific salt that isn't stored in the db. (but that maybe is stored on the clients machine or so).

11-06-2003, 06:40 PM
thanx a lot for input raf :thumbsup: I'll check the MySql forum for this info.

btw, nice to see you here again... It has been like... 2 weeks that I haven't seen you here in the ASP forum right? huge workload? ;)

11-07-2003, 03:39 PM
You can find an SHA hash function coded in server-side JScript here:


Check the section entitled "Password Encryption" on page 2.

If you're using ASP.Net, you can use System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile, see:


11-07-2003, 04:58 PM
thanx a lot Brainjar, really helpfull :thumbsup: