Question

I have an older site running on Classic ASP. I want to start hashing the passwords, seeing as they are stored in plain text on the server right now. I've used a BCrypt hash with PHP on a separate site and was hoping to find something similar for Classic ASP.

Side Question: I have a library that runs using PHP on the Classic ASP site. Could I run a PHP solution to hash the password or would that be ill advised?


Solution

After reading the OP question I conclude that the OP wants a hashing algorithm (example given: bcrypt).

Well, if you are looking for a hash in classic ASP, it's a bit like a desert: not so many libraries.

This link, however, implements a SHA-1 hash: http://forums.aspfree.com/code-bank-54/asp-classic-sha1-hash-82166.html. It has the code (read all comments as well). Now you have a portable cross-code implementable hash function.

<%
    ' hex_sha1() is defined in the SHA-1 code from the forum post linked above.
    Dim strPassWord, strHash, salt
    salt = "6XBMkpz39m8RFCpwt1Cofzbg1TTIN7yTGzMlayIfy9yBOPgX2zhfXM9X5mqv8HT6"
    strPassWord = "secret"
    ' The salt is appended to the password before hashing.
    strHash = hex_sha1(strPassWord & salt)

    Response.Write("<p><b>strPassWord:</b> " & strPassWord & "</p>")
    Response.Write("<p><b>strHash:</b> " & strHash & "</p>")
%>

Expanding to C#, JavaScript, Python, ... and so on. So somewhere in the future, when you decide to leave classic ASP behind, you'll find that you are still able to use the stored hashed passwords.

OTHER TIPS

The blog post in Kenny's answer has a good solution that leverages .NET's SHA512Managed class; unfortunately, it has some bugs. Here it is with the bugs zapped and the code tidied up.

Function Hash(stringToHash, salt)

    const SITE_WIDE_SALT = "THIS IS A SITE WIDE SALT, BUT COULD BE A GUID"

    dim objUnicode : set objUnicode = CreateObject("System.Text.UnicodeEncoding")
    dim objSHA512 : set objSHA512 = Server.CreateObject("System.Security.Cryptography.SHA512Managed")

    dim saltedString : saltedString = SITE_WIDE_SALT & stringToHash & salt
    dim arrByte : arrByte = objUnicode.GetBytes_4(saltedString)
    dim strHash : strHash = objSHA512.ComputeHash_2((arrByte))

    Hash = ToBase64String(strHash)

    set objUnicode = nothing
    set objSHA512 = nothing
End Function


' Helper method for function Hash: Base64-encodes a byte array
Function ToBase64String(rabyt)

    'Ref: http://stackoverflow.com/questions/1118947/converting-binary-file-to-base64-string
    dim xml : set xml = CreateObject("MSXML2.DOMDocument.3.0")
    xml.loadXml "<Root></Root>"
    xml.documentElement.dataType = "bin.base64"
    xml.documentElement.nodeTypedValue = rabyt

    ToBase64String = Replace(xml.documentElement.Text, vbLf, "")

    set xml = nothing
End Function

To use it, simply call the Hash function with an individual salt.

dim hashedPassword
hashedPassword = Hash(password, "some random salt value")
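An added example, not part of the answers above or of the blog post they refer to: a Python reproduction of the Hash function, for checking stored hashes after the site moves off Classic ASP. It assumes .NET's UnicodeEncoding yields UTF-16 little-endian bytes without a BOM; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Same constant as in the Classic ASP Hash function above.
SITE_WIDE_SALT = "THIS IS A SITE WIDE SALT, BUT COULD BE A GUID"


def classic_asp_hash(string_to_hash: str, salt: str) -> str:
    """Reproduce Hash(stringToHash, salt) from the VBScript above."""
    salted = SITE_WIDE_SALT + string_to_hash + salt
    # System.Text.UnicodeEncoding.GetBytes emits UTF-16 little-endian, no BOM.
    # Encoding as UTF-8 here gives a different digest, so every login would fail.
    digest = hashlib.sha512(salted.encode("utf-16-le")).digest()
    # ToBase64String strips the line feeds MSXML inserts, so plain Base64 matches.
    return base64.b64encode(digest).decode("ascii")


def verify(password: str, salt: str, stored_hash: str) -> bool:
    """Check a login attempt against a stored hash in constant time."""
    candidate = classic_asp_hash(password, salt)
    return hmac.compare_digest(candidate.encode("utf-8"),
                               stored_hash.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample record: per-user salt and the hash saved at signup.
    user_salt = "constructed-per-user-salt"
    stored = classic_asp_hash("correct horse", user_salt)
    print(stored)
    print(verify("correct horse", user_salt, stored))  # matching password
    print(verify("wrong guess", user_salt, stored))    # non-matching password
```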

I plan on implementing this soon, but for now my plan is to use BCrypt.Net in Classic ASP.

This blog post provides an example of using a hashing function implemented in .NET in Classic ASP code.

Basically, using BCrypt.Net, you should be able to create a 'COM-visible' wrapper interface for the relevant BCrypt.Net class methods and then be able to write Classic ASP code like the following:

Dim objBCrypt
Set objBCrypt = CreateObject("BCryptComInterface")

Dim strHash
' HashPassword returns a string, so assign it without Set (Set is only for object references)
strHash = objBCrypt.HashPassword(the_password_to_be_hashed)

Note that the BCrypt class BCrypt.Net.BCrypt has three overloaded methods with the name HashPassword; I'm assuming that the method HashPassword in the COM interface corresponds to the .NET method that only accepts a single parameter. [The other methods would be accessed as HashPassword_2 and HashPassword_3. See this answer to the SO question .net - Overloads in COM interop (CCW) - IDispatch names include suffix (_2, _3, etc) for more details.]

If I learn more when I get around to implementing this myself, I'll update this answer.

I created a COM DLL that allows you to use Bcrypt in Classic ASP:

https://github.com/as08/ClassicASP.Bcrypt

I also created similar COM DLLs for Argon2 and PBKDF2:

https://github.com/as08/ClassicASP.Argon2

https://github.com/as08/ClassicASP.PBKDF2

Installation instructions and code examples are available on GitHub.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow