Saturday, 08 August 2009

ASP Programming for Encrypting Passwords

Websites often have a username-and-password login feature, or a dedicated administrator login, for accessing and using various features stored in a database (usually SQL or Access).

But what if an attacker obtains the user table and every user's password? That would be a disaster. Naturally you want to hide or encrypt the passwords in the user table. Below I give a VBScript, combined with an ASP script, for encrypting user passwords. First we create a function that we instruct to encrypt the password into ASCII characters. We name this function enkripsi. Here is the VBScript we will use.



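' x1 = username, x2 = password (see the call further down the page)
Function enkripsi(x1, x2)
   s = ""
   t = 0
   ' t = sum of the character codes of x1
   For i = 1 to len(x1)
       t = t + asc(mid(x1,i,1))
   Next
   ' one output character per character of x2: t plus the product of the
   ' current character code and another character of x2 (the index wraps around)
   For i = 1 to len(x2)
       y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
       s = s & chr(y)
   Next
   ' pad the result to 10 characters when x2 is shorter than 10
   For i = (len(x2) + 1) to 10
       ' cap t before it is cubed
       If t>598.8 Then t = 598.8
       y = t^3*i mod 255
       s = s & chr(y)
   Next
   enkripsi = s
End Function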

We will use this VBScript in a file named enkripsi.asp. See the example below:

<%
Function enkripsi(x1, x2)
   s = ""
   t = 0
   For i = 1 to len(x1)
       t = t + asc(mid(x1,i,1))
   Next
   For i = 1 to len(x2)
       y = (t + asc(mid(x2,i,1)) * asc(mid(x2,((i+1) mod len(x2)+1),1))) mod 255
       s = s & chr(y)
   Next
   For i = (len(x2) + 1) to 10
       If t>598.8 Then t = 598.8
       y = t^3*i mod 255
       s = s & chr(y)
   Next
   enkripsi = s
End Function
%>



<html>
<head><title>Enkripsi</title></head>
<body>
<% If request.form("name") = "" Then %>
<form method="post" action="enkripsi.asp">
Username: <input type="text" name="name">
Password: <input type="password" name="pass">
<input type="submit" value="Submit">
</form>
<% Else %>
<% response.write enkripsi(request.form("name"),request.form("pass")) %>
<% End If %>
</body>
</html>

NOTE:

You can change the following code to suit your site's configuration

for example, into something like this:

This function cannot be reversed, meaning that if a user forgets their password, they must be given a new one. But we will not discuss that feature here. Here I only explain a method of encrypting passwords through ASP programming.

Although this script is not high-grade encryption, it is quite effective at fooling small-time hackers (sorry, no offense intended, but it's true, right? hehe). For the heavyweight hackers, we need an encrypted secure area, such as https://

Posted by try

Label: Hacking
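An added example, not the author's code: a Python port of the enkripsi function above, used to check two properties of the values it would store, followed by a salted PBKDF2 replacement built from the Python standard library. The port assumes ASCII input; the helper names, the sample accounts and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os


def enkripsi(x1, x2):
    """Python port of the page's VBScript enkripsi(x1, x2); ASCII input assumed."""
    t = sum(ord(c) for c in x1)              # sum of username character codes
    n = len(x2)
    out = bytearray()
    for i in range(1, n + 1):                # the VBScript loop is 1-based
        a = ord(x2[i - 1])                   # mid(x2, i, 1)
        b = ord(x2[(i + 1) % n])             # mid(x2, ((i+1) mod n) + 1, 1)
        out.append((t + a * b) % 255)
    for i in range(n + 1, 11):               # pad to 10 characters
        if t > 598.8:
            t = 598.8
        out.append(round(t ** 3 * i) % 255)  # Mod rounds its operands to integers
    return bytes(out)


def same_stored_value(user_a, user_b, password):
    """True when two accounts with the same password get identical table entries."""
    return enkripsi(user_a, password) == enkripsi(user_b, password)


def padding_tail(username, password):
    """Bytes appended after the password-derived part (empty for 10+ characters)."""
    return enkripsi(username, password)[len(password):]


# Standard replacement: random per-user salt plus PBKDF2-HMAC-SHA256.
ITERATIONS = 600_000  # assumption: tune to what your server can afford


def hash_password(password, salt=None):
    """Return (salt, digest); store both next to the username."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample accounts: "abc" and "cab" have the same character-code sum,
    # so the only user-specific input to enkripsi is identical for both.
    print("same entry for abc/cab:", same_stored_value("abc", "cab", "secret1"))
    # The padding depends only on the username and the password length.
    print("same tail:", padding_tail("abc", "aaaaaa") == padding_tail("abc", "zzzzzz"))
    salt1, d1 = hash_password("secret1")
    salt2, d2 = hash_password("secret1")
    print("salted digests differ:", d1 != d2)
    print("verify:", verify_password("secret1", salt1, d1))
```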