Skip to content

PBKDF2 hashing algorithm implemented in VBscript for Classic ASP using a COM DLL

License

Notifications You must be signed in to change notification settings

as08/ClassicASP.PBKDF2

Repository files navigation

This is a Component Object Model (COM) Dynamic-link library (DLL) coded in C# that can be set in Classic ASP using VBscripts "CreateObject" method and allows you to compute PBKDF2 hashes.

PBKDF2 (Password-Based Key Derivation Function 2) is key derivation function with a sliding computational cost, aimed to reduce the vulnerability of encrypted keys to brute force attacks. RFC 8018 recommends PBKDF2 for password hashing

https://en.wikipedia.org/wiki/PBKDF2

Uses CryptoHelper (a Standalone password hasher for ASP.NET Core using a PBKDF2 implementation) by henkmollema https://github.com/henkmollema/CryptoHelper

Also see:

https://github.com/as08/ClassicASP.Argon2

https://github.com/as08/ClassicASP.Bcrypt

For a Classic ASP password hashing class that uses this COM DLL, see:

https://github.com/as08/ClassicASP.PasswordHashing

INSTALLATION:

Make sure you have the lastest .NET Framework installed (tested on .NET Framework 4.7.2)

Open IIS, go to the applicaton pools and open the application pool being used by your Classic ASP application. Check the .NET CRL version E.g: v4.0.30319

Navigate to the CRL folder E.g: C:\Windows\Microsoft.NET\Framework64\v4.0.30319

Copy over: ClassicASP.PBKDF2.dll, Microsoft.AspNetCore.Cryptography.Internal.dll and Microsoft.AspNetCore.Cryptography.KeyDerivation.dll

Run CMD as administrator

Change the directory to your CRL folder E.g: cd C:\Windows\Microsoft.NET\Framework64\v4.0.30319

Run the following command: RegAsm ClassicASP.PBKDF2.dll /tlb /codebase

Usage

Set PBKDF2 = Server.CreateObject("ClassicASP.PBKDF2")

' Generate a hash with default parameters (iterations = 10000, algorithm = sha1, saltBytes = 16, keyLength = 32)
PBKDF2.Hash("myPassword")

' Custom parameters (algorithms supported are: sha1, sha256 and sha512)
PBKDF2.Hash("myPassword", int iterations, string algorithm, int saltBytes, int keyLength)

' Verify a hash (the PBKDF2 parameters are contained within the base64 hash string)
PBKDF2.Verify("myPassword","AQAAAAIAAHUwAAAAEHhMDmEV5UBQt7PP/Da/ughVC2xxpluFxBi7tsseMgD/uVovJw+cY4xrXftimQbYng==") ' True / False

Example output from PBKDF2.asp

Password: myPassword

PBKDF2 Hash: AQAAAAIAAHUwAAAAEMQDlEV5lXwV4qDUsVEwIfMtjnQHmEpV/BI8GV+36+vTjaAuVsbYZc+cqexrh7KHjA==

Time to execute: 0.1992s

PBKDF2 Verified: True

Time to execute: 0.2656s