ASPPY.crypto
The ASPPY.crypto namespace provides modern, secure cryptography utilizing the Python bcrypt module. This is heavily recommended over legacy MD5 or SHA1 hashing techniques common in older VBScript apps.
Methods
| Method | Description |
|---|---|
Hash(password, [rounds=10]) |
Hashes a plaintext password using bcrypt. The salt is automatically generated. The result is a safe string intended for database storage. rounds specifies the work factor (default is 10, acceptable range 4..31). |
Verify(password, hashed) |
Safely compares a plaintext password against a previously generated bcrypt hash. Returns True if they match, and False otherwise. |
Sample Code
<%
Dim password, hashedPw, isValid
password = "SuperSecretPassword123!"
' 1. Hash the password (e.g., during Registration)
' We'll use a work factor of 12 for strong security
hashedPw = ASPPY.crypto.Hash(password, 12)
Response.Write "Secure Bcrypt Hash: " & hashedPw & "<br>"
' Output Example: $2b$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW
' 2. Verify the password (e.g., during Login)
isValid = ASPPY.crypto.Verify(password, hashedPw)
If isValid Then
Response.Write "<strong style='color:green;'>Password verified successfully!</strong><br>"
Else
Response.Write "<strong style='color:red;'>Invalid password.</strong><br>"
End If
' 3. Verify a bad attempt
isValid = ASPPY.crypto.Verify("WrongPass", hashedPw)
If Not isValid Then
Response.Write "Correctly rejected bad password attempt."
End If
%>