It's more like encoding than encryption.
>From memory, it loops over the string performing an XOR on each character in
the string with the corresponding character in the key. When it reaches the
end of the key it starts again.
The resulting character from the XOR is converted to base64 or HEX or some
such.
Essentially it is very easy to reverse engineer if you know anything at all
about the key, the string, or the encrypted string.
If you can possibly use it, hash() will provide the most secure method of
storage, but you can never get back to the original string.
If that won't work for you, you might consider using some of the native
functionality available in the CFMX internals, or an external class file.
Spike
--------------------------------------------
Stephen Milligan
Code poet for hire
http://www.spike.org.uk
Do you cfeclipse? http://cfeclipse.tigris.org
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Dawson, Michael
>Sent: Wednesday, July 07, 2004 12:38 PM
>To: CF-Talk
>Subject: RE: Encrypting strings
>
>How about using CFusion_Encrypt() to encrypt your information? I think
>it's a bit "stronger".
>
>Also, can't you Hash() the string and then compare it to another hashed
>value when needed?
>
> _____
>
>From: Austin Govella [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, July 07, 2004 2:29 PM
>To: CF-Talk
>Subject: Encrypting strings
>
>
>I need to encrypt SSNs.
>
>I'm looking for something more powerful than encrypt().
>
>Also, does the length of my encryption key affect the
>difficulty for people trying to decrypt?
>
>For example, is using "canine" for a key more secure than
>using "dog" just because it's longer?
>
>Thanks,
>--
>Austin
> _____
>
>
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
