Storing passwords in a database



Hello!

We have a user register in a SQL Server database. The users' passwords are
currently stored in varchar fields in clear text! We now want to store these
passwords in encrypted form. What is the best way to do this?

I found the code below for encrypting/decrypting strings. Would this be a
good way to do it? Are there any problems with the encrypted string
containing ASCII zeroes and inserting them into the varchar string?

Is there another better way to do it?

Regards Mikael


'Create the Passport Manager and Crypt objects
Dim oMgr
Set oMgr = Server.CreateObject("Passport.Manager")
Dim oCrypt
Set oCrypt = Server.CreateObject("Passport.Crypt")
Dim thisURL, ruURL
thisURL = "http://" & Request.ServerVariables("SERVER_NAME") & _
    Request.ServerVariables("SCRIPT_NAME")
If oMgr.IsAuthenticated(3600, False, False) Then
    'Set the sign-out URL - return to the Default.asp
    ruURL = Server.URLEncode("http://" & _
        Request.ServerVariables("SERVER_NAME") & "/Brief/default.asp")
Else
    'Set the sign-in URL - stay on this page
    ruURL = thisURL
End If
'Write the Passport sign-in/sign-out logo
Response.Write ("<DIV Style = 'position:absolute; right:50px'>" & _
    oMgr.LogoTag2(ruURL, 3600, False, "nada", 1033, False) & "</DIV>")
If oMgr.IsAuthenticated(3600, False, False) Then
    Response.Write ("You are authenticated")
    'Define and display original string
    Dim mystring
    mystring = "This is a string to be compressed, encrypted, transmitted, " & _
        "decrypted, and finally decompressed."
    Response.Write ("<br>Original string: " & mystring)

    'Compress and Encrypt the string
    mystring = oCrypt.Compress(mystring)
    mystring = oCrypt.Encrypt(mystring)

    'This is where the encrypted string would be transmitted over the wire

    'Decrypt, Decompress, and display the string
    mystring = oCrypt.Decrypt(mystring)
    mystring = oCrypt.Decompress(mystring)
    Response.Write ("<br>Reconstructed string: " & mystring)
Else
    Response.Write ("<br>You have not been authenticated within the last hour. " & _
        "Please sign in or exit.")
End If

