If I wanted to take an hour to write an app, and let it run in the
background for a day or two?  Yes, I probably could.

<cfencrypt> is a symmetric key algorithm with (iirc) only a 32-bit keyspace.
So I need to run through, at most, about 4.2 billion keys, looking for (as
an example) anything that contains a dictionary word.  I pick the one of
that set that seems to make the most sense.  If I'm right, I've got your
key.

For CCs, I find a group of encrypted ones and look for a key that makes all
of them a 16-digit number (with or without dashes, spaces, whatever).  Now
I've got your key.

For passwords, I get the login name and the encrypted password and try login
after login until I'm in.  Now I've got your key, and can decrypt anyone
else's login for whom I have a login name and an encrypted password.

Will <cfencrypt> keep out people with no skills who really don't want to
hack your site?  Yeah, I'd say it would.  Will it keep out script kiddies,
hackers, or me in a bad mood?  I wouldn't count on it.



  --Ben Doom
    Programmer & General Lackey
    Moonbow Software

: -----Original Message-----
: From: Robertson-Ravo, Neil (REC)
: [mailto:Neil.Robertson-Ravo@;csd.reedexpo.com]
: Sent: Wednesday, October 30, 2002 11:50 AM
: To: CF-Talk
: Subject: RE: How secure is encrypt
:
:
: expand/explain?
:
: If it's so insecure, can you tell me what this string says?
:
: 8512J85868A65C9E588CAA7E8094444E907492541
:
:
: :-p
:
:
:
: -----Original Message-----
: From: Jochem van Dieten [mailto:jochemd@;oli.tudelft.nl]
: Sent: 30 October 2002 16:46
: To: CF-Talk
: Subject: Re: How secure is encrypt
:
:
: John Gedeon wrote:
:
: > how good is the encryption  that the built in cf function use?
: > good enough for cc's or passwords?
:
: Totally insecure.
:
: Jochem
:
:
: 
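
Added example, not part of the original thread and not ColdFusion's algorithm: a sketch of why a small keyspace fails once the plaintext has a recognizable shape, as the reply above describes for card numbers. The stand-in cipher (XOR with a SHA-256 keystream), the 16-bit key size, the key value and the sample numbers are all assumptions made for the demonstration.

```python
import hashlib
import re

# Assumption: 16 bits instead of the 32 mentioned in the post, so this runs in about a second.
KEY_BITS = 16

def keystream(key: int, n: int) -> bytes:
    # Stand-in keystream generator (SHA-256 of the key), not the ColdFusion one.
    # Its quality does not matter here: the weakness shown is the key size.
    return hashlib.sha256(key.to_bytes(4, "big")).digest()[:n]

def xor_crypt(key: int, data: bytes) -> bytes:
    # XOR stream cipher: the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

# 16 digits, optionally grouped in fours by one consistent dash or space.
CARD_RE = re.compile(rb"\d{4}([- ]?)\d{4}\1\d{4}\1\d{4}")

def looks_like_card(plain: bytes) -> bool:
    return CARD_RE.fullmatch(plain) is not None

def surviving_keys(ciphertexts):
    """Return every key under which ALL ciphertexts decrypt to card-shaped text."""
    return [k for k in range(2 ** KEY_BITS)
            if all(looks_like_card(xor_crypt(k, c)) for c in ciphertexts)]

# Constructed sample data: published test numbers, not real cards.
SECRET_KEY = 0xB33F
SAMPLE_CARDS = [b"4111111111111111", b"5555-5555-5555-4444", b"4012 8888 8888 1881"]
SAMPLE_CIPHERTEXTS = [xor_crypt(SECRET_KEY, c) for c in SAMPLE_CARDS]

if __name__ == "__main__":
    keys = surviving_keys(SAMPLE_CIPHERTEXTS)
    print(f"{2 ** KEY_BITS:,} keys tried, {len(keys)} fit the card format: "
          f"{[hex(k) for k in keys]}")
    # The format check is the verifier: no known plaintext is needed.
    # A 32-bit keyspace is only 2**16 times larger than this demo's.
    print(f"32-bit keyspace: {2 ** 32:,} keys")
```

The format test alone leaves a single candidate key, which is why key length, not secrecy of the algorithm, decides whether stored card data stays confidential.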