Todd Ashworth wrote:
> I'm supprised some talented CF hacker hasn't found a way to yank
> it out of the registry and convert it back to its original form.
I don't know the details of the encryption used for the
password in the registry, but I would expect it to use a one-
way encryption method. To check a password, the supplied
password is encrypted and compared with the encrypted password
from the registry. There's never any need to decrypt it, and
it's likely impossible to do so. By "impossible" I mean that
it would require far too much computing time with current
processors. It has nothing to do with how talented the hacker
might be.
Of course, the CF admin password may not work like that, but it
would seem to be unnecessarily insecure if it didn't.
Keith C. Ivey <[EMAIL PROTECTED]>
Webmaster, EEI Communications
66 Canal Center Plaza, Suite 200
Alexandria, VA 22314
Telephone: 703-683-0683
Fax: 703-683-4915
Web Site: http://www.eeicommunications.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
