I knew SHA1 was a hash and could not be reversed - I'm pretty sure that's why it was used in the first place. I haven't worked with DES so wasn't too sure about it other than everything I'm finding says its pretty weak.

WIntellect - I agree with everything you say and this is what I am doing with my web app, but the guys I'm going to be working with aren't too tech savy, they have some canned ASP app that the just change some setting in an XML file to enable and disable options. It took 3 of them to figure out how passwords where encrypted.

This should be a interesting project since up to this point the most technical question the have asked me is "what should the number for the help desk be?"

The only option is to convert their DES-using system to your SHA1-using system (decrypt all the DES passwords, then hash them with SHA1). If their "forgotten password" feature tells the user his original password, this particular feature will no longer work at this point.

Also - I fail to see how an encrypted password could be convert to its alter-encrypted format

I have a web application that encrypts passwords using SHA1.

Now are parent has decided that we need to connect to there site for other services that they offer that we legally can't. Their programmer and I would like to attempt a single sign on solution so that a user will not have multiple password for what seems to them is the same site.

The problem is they use DES encryption for password (not to mention IIS and ASP) so does anyone have an idea how I can get my current SHA stored password to DES?

Of the top of my head all I can think to do is encrypt the SHA string into DES.

Any thoughts welcomed....