SHA-1 w/ ASP & VBScript

Hello,

I am trying to use SHA-1 cryptography in an ASP page. I am able to encrypt the password, and store it into the database... All is well... I am also using a nonce .. A.K.A. salt to store the password so that it is secure against dictionary attacks. The user enters a password, followed by a secret phrase. The password is stored in the database as PassHASH, and the secret phrase is stored as the salt. When the user clicks the sign-up button, the PassHASH is then concatenated with the Salt, which is then encrypted again to make up the actual checksum value that is stored in the database as the password. The user is then emailed an activation link. When the user clicks on the link in their inbox, they are taken to an activation script where their information is pulled from a temp table (pending_activations) and is stored into the main table in the database which holds all the clients. The salt, the PassHASH and the actual checksum password is then pulled from the temp table and placed into the main user table, since the user has now been confirmed as an actual user and not URL..... The account is created, the user is automatically logged in, and all goes well... HOWEVER :-) , when the user comes back to log into the web site, they are required to enter the username and password... (of course) ... Now the password is encrypted and converted into an ASCII hash value, where the salt is then pulled from the database and concatenated to the password hash, where they are then encrypted together, to match against the checksum or password in the database. ERROR ..... Access Denied... I put the variables into a response.write statement to see where it may have been going wrong. The password which the user enters, which is converted and stored as PassHASH matches fine against the database... The Salt matches perfect.... However, the final checksum value is wrong. I have tried using the variables in different order such as Encrypt(PassHASH & Salt), or Encrypt(Salt & PassHASH), however nothing seems to work. I am very desperate for an answer, so if anyone has worked with SHA-1 before, or any type of hashing algorithm such as MD4 or MD5, and can lend a hand, it would be greatly appreciated !!!


Thanks ......

i got it... nevermind... It was a problem with one of the tables in MySQL ..... Was only set to allow 50 characters, so I came up 13 short ... duhhhh