Well, even encryption for protecting government secrets can be cracked if the encryption uses a single key - you just try all the possibilities until you get it right. What makes an encryption mechanism secure is the length of the key, restriction of access to that key, and the hash algorithm. I don't think there's a way of decrypting cfencrypt() without the key - but as I pointed out, it'd probably take a ridiculously short amount of time to crack with a short key. Then again, the whole point is moot, if someone can access the original source code, since the encryption key would be in plain text there.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Tuesday, December 04, 2001 3:26 PM
Subject: Re: Credit Card Encryption

> > Of course, most "decrypters" for cfencrypt()
> > probably wouldn't take very long to decrypt using brute force
> > techniques, because
> > most developers I know use very short keys, like "abc123" - your
> > encryption key should be very long, and random).
>
> It depends on many factors, but suffice it to say that the encryption
> mechanism is very, very weak.
>
> Mind you, those functions aren't really meant to protect government
> secrets. They're just a bit of obfuscation, essentially.
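
The key-length point made in this thread, worked through as an added example (not code from the thread or from ColdFusion): it estimates the search space of a short key such as "abc123" and compares it with a key drawn from the OS random source. The guess rate and all function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed guess rate (keys tried per second); illustrative, not a measurement.
ASSUMED_GUESSES_PER_SEC = 1e9

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)

def keyspace_bits(key: str) -> float:
    """Estimated search space in bits, assuming every character is drawn
    uniformly from the ASCII classes the key uses. Human-chosen keys are
    less random than that, so treat the result as optimistic."""
    alphabet = sum(len(c) for c in CHAR_CLASSES if any(ch in c for ch in key))
    if alphabet == 0:  # empty key, or only characters outside those classes
        alphabet = len(set(key)) or 1
    return len(key) * math.log2(alphabet)

def seconds_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SEC) -> float:
    """Worst-case time to try every key in a space of 2**bits."""
    return 2.0 ** bits / rate

def new_random_key(n_bytes: int = 32) -> str:
    """Hex-encoded key from the OS CSPRNG: n_bytes * 8 bits of entropy."""
    return secrets.token_hex(n_bytes)

def report(key: str, known_bits=None) -> dict:
    """Summarise a key; pass known_bits when the true entropy is known."""
    bits = keyspace_bits(key) if known_bits is None else float(known_bits)
    return {"length": len(key), "bits": round(bits, 1),
            "seconds": seconds_to_exhaust(bits)}

if __name__ == "__main__":
    short = report("abc123")                       # short key quoted in the thread
    strong = report(new_random_key(32), known_bits=256)
    for label, r in (("abc123", short), ("32 random bytes", strong)):
        print(f"{label}: {r['length']} chars, ~{r['bits']} bits, "
              f"{r['seconds']:.3g} s to exhaust at the assumed rate")
```

A long random key only helps if it is kept out of the source code, which is the other point the reply makes.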