> > The problem with CFENCRYPT isn't that it's a public
> > standard, but rather that it uses a relatively weak
> > encryption strength (that, along with the fact that
> > the key is probably stored somewhere within the
> > application code or environment).
>
> Ditto. As I, you, and others have mentioned... cryptography
> isn't a game for newbies. I'm sure the authors of cfencrypt
> thought their code was cool... but I'm just as sure that
> serious hacker types (especially those who do it for the
> money) were laughing their [censored] off when they ran
> in that alg.
>
> I'd be willing to bet cash several of them owned :) the
> alg within half an hour. Counting snack breaks.

For some reason, I thought it simply used 56-bit DES, but then I looked at the docs. Yeesh!

"Encrypts a string. Encrypt uses a symmetric key-based algorithm in which the same key is used to encrypt and decrypt a string. The security of the encrypted string depends on maintaining the secrecy of the key. Encrypt uses an XOR-based algorithm that uses a pseudo-random 32-bit key based on a seed passed by the user as a parameter to the function. The resultant data is UUencoded and may be as much as three times the original size."

I'm filled with confidence now.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
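
An added illustration, not part of the original message and not ColdFusion's actual routine: a toy model of the documented design, in which a seed of any length is reduced to a 32-bit key that is XORed over the data. The key derivation (`derive_key32`), the repeating 4-byte keystream and the sample string are assumptions made for the example; it shows why the seed's length adds nothing once one 4-byte stretch of plaintext is predictable.

```python
import hashlib
from itertools import cycle

KEY_BITS = 32  # key size stated in the documentation quoted above

def derive_key32(seed: str) -> bytes:
    """Toy stand-in (assumption): squeeze any seed down to a 32-bit key."""
    return hashlib.sha256(seed.encode()).digest()[: KEY_BITS // 8]

def xor32(data: bytes, key: bytes) -> bytes:
    """XOR data with the 4-byte key repeated; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def key_from_known_plaintext(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """ciphertext XOR plaintext = key, so 4 known leading bytes expose all 32 key bits."""
    if len(known_prefix) < 4 or len(ciphertext) < 4:
        raise ValueError("need at least 4 known bytes")
    return bytes(c ^ p for c, p in zip(ciphertext[:4], known_prefix[:4]))

# Constructed sample data, not taken from any real application.
SEED = "a long, carefully chosen passphrase that looks strong"
SAMPLE = b"user=alice;expires=2001-12-31"

def demo():
    """Return (real key, key recovered from ciphertext alone, recovered plaintext)."""
    real_key = derive_key32(SEED)
    ciphertext = xor32(SAMPLE, real_key)
    # The reader of the ciphertext only guesses that the record starts with "user".
    recovered = key_from_known_plaintext(ciphertext, b"user")
    return real_key, recovered, xor32(ciphertext, recovered)

if __name__ == "__main__":
    real_key, recovered, plaintext = demo()
    print("seed length:", len(SEED), "chars; effective key bits:", KEY_BITS)
    print("key recovered from 4 known bytes:", recovered == real_key)
    print("plaintext:", plaintext.decode())
```

In this model the only secret that matters is the 32-bit key, so protecting data this way depends entirely on the plaintext being unpredictable, which structured application data rarely is.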