Re: decrypt coldfusion admin password

2010-11-18 Thread Rob Parkhill

Rusty,

You don't need to decrypt it, you can reset it.

Depending on which version of course!

Here is the link that I have used for other customers that works.

http://www.tek-tips.com/faqs.cfm?fid=3731

Cheers,

Rob

On Thu, Nov 18, 2010 at 4:01 PM, Rusty Owens wrote:

>
> The company I work for has a coldfusion application that is being migrated
> to our servers.  We need to log in to the admin but no one who wrote it is
> here any longer.  I used to have code to decrypt and display the admin
> password. Can anyone get me that?
>
> 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339383
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm


RE: decrypt coldfusion admin password

2010-11-18 Thread Russ Michaels

You just need to disable the admin login in the neo-security.xml

Russ

-Original Message-
From: Rusty Owens [mailto:rusty_ow...@hotmail.com] 
Sent: 18 November 2010 21:01
To: cf-talk
Subject: decrypt coldfusion admin password


The company I work for has a coldfusion application that is being migrated
to our servers.  We need to log in to the admin but no one who wrote it is
here any longer.  I used to have code to decrypt and display the admin
password. Can anyone get me that? 




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:339382


Re: Decrypt CF scheduled job password?

2010-04-05 Thread Qing Xia

Thanks to all who replied! Your suggestions on Googling "coldfusion decrypt
datasource password" were most helpful.

I just switched jobs where my new job practices Agile Programming (a.k.a.
paired programming). While this practice is so far interesting and
rewarding, it has definitely reduced my reading time on the CFTalk list. :-(
Need to catch up on all the interesting discussions going on here.

On Wed, Mar 31, 2010 at 8:40 AM, Paul Alkema wrote:

>
> Yeah if you do google "coldfusion decrypt datasource password" make sure
> you
> click on what's currently the 4th option entitled "How To Crack Coldfusion
> Datasources ". I think you'll find that the most helpful. ;)
>
> Paul Alkema
> AlkemaDesigns.com
>
>
> -Original Message-
> From: b...@bradwood.com [mailto:b...@bradwood.com]
> Sent: Tuesday, March 30, 2010 10:45 PM
> To: cf-talk
> Subject: RE: Decrypt CF scheduled job password?
>
>
> I've never tried it, but if the cron passwords are stored the same way
> data source passwords are, then they probably are crackable.
> Google "coldfusion decrypt datasource password"
>
> Note:  The people who figured out how to decrypt CF passwords had to
> decompile CF's source Java code so enter at your own legal risk.  :)
>
> ~Brad
>
>
>  Original Message 
> Subject: Decrypt CF scheduled job password?
> From: Qing Xia 
> Date: Tue, March 30, 2010 8:09 pm
> To: cf-talk 
>
>
> Hello folks,
>
> I was just wondering, does anyone happen to know if the password in the
> CF
> scheduled job XML file (cfroot\lib\neo_cron.xml) is crackable?
>
>
>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:332610


RE: Decrypt CF scheduled job password?

2010-03-31 Thread Paul Alkema

Yeah if you do google "coldfusion decrypt datasource password" make sure you
click on what's currently the 4th option entitled "How To Crack Coldfusion
Datasources ". I think you'll find that the most helpful. ;)

Paul Alkema
AlkemaDesigns.com


-Original Message-
From: b...@bradwood.com [mailto:b...@bradwood.com] 
Sent: Tuesday, March 30, 2010 10:45 PM
To: cf-talk
Subject: RE: Decrypt CF scheduled job password?


I've never tried it, but if the cron passwords are stored the same way
data source passwords are, then they probably are crackable.
Google "coldfusion decrypt datasource password"

Note:  The people who figured out how to decrypt CF passwords had to
decompile CF's source Java code so enter at your own legal risk.  :)

~Brad


 Original Message 
Subject: Decrypt CF scheduled job password?
From: Qing Xia 
Date: Tue, March 30, 2010 8:09 pm
To: cf-talk 


Hello folks,

I was just wondering, does anyone happen to know if the password in the
CF
scheduled job XML file (cfroot\lib\neo_cron.xml) is crackable?




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:332486


RE: Decrypt CF scheduled job password?

2010-03-30 Thread brad

I've never tried it, but if the cron passwords are stored the same way
data source passwords are, then they probably are crackable.
Google "coldfusion decrypt datasource password"

Note:  The people who figured out how to decrypt CF passwords had to
decompile CF's source Java code so enter at your own legal risk.  :)

~Brad


 Original Message 
Subject: Decrypt CF scheduled job password?
From: Qing Xia 
Date: Tue, March 30, 2010 8:09 pm
To: cf-talk 


Hello folks,

I was just wondering, does anyone happen to know if the password in the
CF
scheduled job XML file (cfroot\lib\neo_cron.xml) is crackable?


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:332475


Re: Decrypt CF scheduled job password?

2010-03-30 Thread Mike Chabot

Yes, it is.

-Mike Chabot

On Tue, Mar 30, 2010 at 9:09 PM, Qing Xia  wrote:
>
> Hello folks,
>
> I was just wondering, does anyone happen to know if the password in the CF
> scheduled job XML file (cfroot\lib\neo_cron.xml) is crackable? I swear, I
> have no ill intent! I am only just curious! :-) (no, seriously) The "char
> code" value in the password block looks suspiciously like some kind of key
> for decryption so it just got me thinking...
>
> Anyway, here is what the neo_cron.xml file in my own development (CF9) looks
> like.  I put in test/test as username/password in the CFAdmin scheduled job
> interface.
>
>  test
>  -  >(/:/!LJ*'XN@
>
>  Thanks in advance for your thoughts!
>
>  Cheers,
>
>  Qing Xia
>
>
>  - 
>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:332474


Re: decrypt

2009-04-18 Thread Barney Boisvert

Hashes are intentionally one-way.  You can't get back to the original
source other than doing a brute-force search of source strings until
you find one that matches the hash.  Obviously that's really time
intensive, especially if the source string is of arbitrary length.
That site you link to simply has a database of known strings and their
MD5 hashes and will do that brute-force search for you.  So unless you
have a common string, chances are slim it'll help.

That said, if PHP was using an MD5, then it wasn't decrypting it
either, only using it for comparisons.  So you should be able to
implement the same functionality in CF, despite the fact that you
don't know what the source data is (because PHP doesn't either).

cheers,
barneyb

On Sat, Apr 18, 2009 at 10:01 AM, Chad Gray  wrote:
>
> Hello,
>
> I need to decrypt a hash.  Can I do this in CF?
>
> I am trying to get a PHP application that stores some information as an MD5 
> hash to work with a CF application.  So want to decrypt it and use it in my 
> CF application.
>
> This web site can decrypt it, but the CF decrypt() function needs a key.  How 
> do I figure out the key?
>
> http://tools.benramsey.com/md5/
>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321786


Re: decrypt

2009-04-18 Thread Brad Wood

Hashes are a one-way deal and cannot be decrypted by nature.
The only way to "reverse" a hash is by brute force.  (Google Rainbow Tables)

I guarantee you the PHP app did not decrypt whatever it was it was hashing. 
Generally, when it comes to something like passwords, you hash the password 
and store it.  When someone attempts to login, you hash the password they 
provided and see if that hash matches the stored hash.

~Brad

- Original Message - 
From: "Chad Gray" 
To: "cf-talk" 
Sent: Saturday, April 18, 2009 12:01 PM
Subject: decrypt


>
> Hello,
>
> I need to decrypt a hash.  Can I do this in CF?
>
> I am trying to get a PHP application that stores some information as an 
> MD5 hash to work with a CF application.  So want to decrypt it and use it 
> in my CF application.
>
> This web site can decrypt it, but the CF decrypt() function needs a key. 
> How do I figure out the key?
>
> http://tools.benramsey.com/md5/
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321785
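
Added example (not part of the original posts): the hash-and-compare approach that Barney Boisvert and Brad Wood describe above, written as a ColdFusion function that checks a value against an MD5 digest stored by a PHP application. The function and variable names are hypothetical, the UTF-8 encoding is an assumption about the PHP side, and the sample digest is constructed for the example.

```cfml
<cfscript>
// Added example, not code from the thread. Function and variable names are
// hypothetical; the digest below is the MD5 of the string "test",
// constructed for this example.

// Returns true when `candidate` hashes to the digest the PHP application
// stored. The original string is never recovered, only compared.
function matchesPhpMd5(candidate, storedDigest) {
    var stored = trim(storedDigest);
    // PHP md5() yields 32 hex characters; anything else is not a digest.
    if (NOT reFindNoCase("^[0-9a-f]{32}$", stored)) {
        return false;
    }
    // Hash() returns upper-case hex and PHP md5() lower-case hex, so the
    // comparison must ignore case. UTF-8 is an assumption about how the
    // PHP side encoded the text before hashing.
    return compareNoCase(hash(candidate, "MD5", "UTF-8"), stored) EQ 0;
}

storedByPhp = "098f6bcd4621d373cade4e832627b4f6";
</cfscript>
<cfoutput>
test:  #matchesPhpMd5("test", storedByPhp)#<br>
guess: #matchesPhpMd5("guess", storedByPhp)#
</cfoutput>
```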


RE: decrypt an old tag

2006-07-27 Thread Ken Ferguson
Posted this yesterday, but somehow I posted it to the wrong thread.

It's much easier to go with your own decryption than it is to pay them
for theirs. Try something like: (of course you'll have to download
cfdecrypt.exe, but it's out there with a simple Google)






"#directory#\#name# |||
#replacenocase(directory,'\appdir\','\appdecrypted\')#\#name#"





Ken Ferguson
214.636.6126



-Original Message-
From: Snake [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 26, 2006 4:52 PM
To: CF-Talk
Subject: RE: decrypt an old tag

http://www.novabean.com/ 

-Original Message-
From: Howard Owens [mailto:[EMAIL PROTECTED]
Sent: 27 July 2006 04:40
To: CF-Talk
Subject: decrypt an old tag

I have an old custom tag I bought and paid for years and years ago and
still need.

 

Apparently, after moving it to an upgraded server (4.0 to MX), it no
longer works.

 

Apparently, the company that sold it to me is now out of business.  I
don't think the tag is supported or sold.

 

It's FuseAds.

 

The only thing I can really think to do is decrypt the tag.  I remember
there used to be a utility floating around out there to do it, but I
can't find it.

 

H.

 









Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:247856


RE: decrypt an old tag

2006-07-26 Thread Adkins, Randy
+1 

-Original Message-
From: Snake [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 26, 2006 4:52 PM
To: CF-Talk
Subject: RE: decrypt an old tag

http://www.novabean.com/ 

-Original Message-
From: Howard Owens [mailto:[EMAIL PROTECTED]
Sent: 27 July 2006 04:40
To: CF-Talk
Subject: decrypt an old tag

I have an old custom tag I bought and paid for years and years ago and
still need.

 

Apparently, after moving it to an upgraded server (4.0 to MX), it no
longer works.

 

Apparently, the company that sold it to me is now out of business.  I
don't think the tag is supported or sold.

 

It's FuseAds.

 

The only thing I can really think to do is decrypt the tag.  I remember
there used to be a utility floating around out there to do it, but I
can't find it.

 

H.

 







Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:247824


RE: decrypt an old tag

2006-07-26 Thread Snake
http://www.novabean.com/ 

-Original Message-
From: Howard Owens [mailto:[EMAIL PROTECTED] 
Sent: 27 July 2006 04:40
To: CF-Talk
Subject: decrypt an old tag

I have an old custom tag I bought and paid for years and years ago and still
need.

 

Apparently, after moving it to an upgraded server (4.0 to MX), it no longer
works.

 

Apparently, the company that sold it to me is now out of business.  I don't
think the tag is supported or sold.

 

It's FuseAds.

 

The only thing I can really think to do is decrypt the tag.  I remember
there used to be a utility floating around out there to do it, but I can't
find it.

 

H.

 





Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:247823


RE: Decrypt an encrypted CFM template

2004-02-27 Thread Burns, John
Great thanks.  Yes, I know, I was afraid of having everyone rip me a new
one for asking, but within this community, I was hoping that everyone
would be upright and not use this stuff for wrong doing.  I appreciate
the help.

John 

-Original Message-
From: Jerry Johnson [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 27, 2004 9:52 AM
To: CF-Talk
Subject: RE: Decrypt an encrypted CFM template

I'm not sure the community feeling about decrypters here in CF land (I
know where the Flash community stands), but I'm sure I will find out.

Use this only for good, not evil.

=)

http://www.cse.unsw.edu.au/~matthewc/files/cfdecrypt.zip 

(This is from the guy who wrote all the C source you see around the
net.)

Jerry Johnson




RE: Decrypt an encrypted CFM template

2004-02-27 Thread Jerry Johnson
I'm not sure the community feeling about decrypters here in CF land (I know where the Flash community stands), but I'm sure I will find out.

Use this only for good, not evil.

=)

http://www.cse.unsw.edu.au/~matthewc/files/cfdecrypt.zip 

(This is from the guy who wrote all the C source you see around the net.)

Jerry Johnson




RE: Decrypt an encrypted CFM template

2004-02-27 Thread Tom Kitta
Last time I checked there were some commercial decrypters floating around
for about $20 per copy. Sorry, I don't have a link handy, but they were not
hard to find last time I checked.

TK
  -Original Message-
  From: Burns, John [mailto:[EMAIL PROTECTED]
  Sent: Friday, February 27, 2004 9:30 AM
  To: CF-Talk
  Subject: Decrypt an encrypted CFM template

  I wrote a CFM template about a year ago (in CF5) and I encrypted it for
  redistribution to some clients.  Since that time, I lost the original.
  Does anyone know of a location where I can get a precompiled decrypter
  so I don't have to write it all over again?  I've done a bit of googling
  and found some source codes, but I need something precompiled to run on
  a windows machine.  Command line programs would work as well.  Thanks in
  advance.

  John Burns




RE: Decrypt an encrypted CFM template

2004-02-27 Thread John Beynon
Google it, 'cfdecrypt' and you find http://shroom.dv8.org/cfd/

Jb.

-Original Message-
From: Burns, John [mailto:[EMAIL PROTECTED] 
Sent: 27 February 2004 14:30
To: CF-Talk
Subject: Decrypt an encrypted CFM template

I wrote a CFM template about a year ago (in CF5) and I encrypted it for
redistribution to some clients.  Since that time, I lost the original.
Does anyone know of a location where I can get a precompiled decrypter
so I don't have to write it all over again?  I've done a bit of googling
and found some source codes, but I need something precompiled to run on
a windows machine.  Command line programs would work as well.  Thanks in
advance.

 
John Burns




RE: decrypt() not working on CF5

2003-09-09 Thread Heald, Tim
Start by not using encrypt and decrypt.  Instead use cfusion_encrypt() and
cfusion_decrypt().  Much better functions.  The results are pure
alphanumeric.  

Weird that this shouldn't work though.  What error is CF 5 throwing?  Or is
it decrypting incorrectly?  Is the encrypted value the same on both CF 5 and
MX?

Tim


-Original Message-
From: McNamara Kyle W CONT PORT [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:18 PM
To: CF-Talk
Subject: decrypt() not working on CF5


Help! this thing (see code below) works fine on MX but not on CF5... the
only way to get it to work in CF5 is to encrypt and decrypt in the same
request.

Can anyone suggest a workaround? we need this to work for our transition to
MX.

Thank you!

Kyle

 






The string: #string# 
The key: #key#
Encrypted: #encrypted#
Decrypted: #decrypted#





RE: Decrypt Problem

2002-09-21 Thread Ben Koshy

I had this problem too and abandoned the crypt/decrypt function because
there appeared to be certain instances when it couldn't revert encrypted
text to its original form.  I believe Kay Smoljak (sp?) has a more
reliable crypto function http://developer.perthweb.com.au/  She might be
able to shed more light on the issue.

-Original Message-
From: Ben Densmore [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, September 21, 2002 7:16 AM
To: CF-Talk
Subject: Decrypt Problem


Hi all,
 Yesterday I made some changes to some emails we send out to customers
to encrypt some portions of the URLs that are in the emails. Now I have
tested this on several different machines with different OS's and
different browsers and browser versions but I am seeing in my log files
that quite a few people are getting this error.
 
An error occurred while evaluating the expression:
#Decrypt(cuid,key)#
 
I can't for the life of me figure out why this works fine for me on
every machine I have tried and know some people who have received the
emails have had no problems because I see they were able to put in an
order into our system.
 
Anyone have any ideas? From looking at the log files it isn't just
limited to one version type of OS or browser, at first I thought it might
just be Win 98 users but then I noticed there are a few people with XP and
2000 having the problem too.
 
Thanks,
Ben






Re: Decrypt Function

2002-07-01 Thread Bryan Stevenson

I think you're looking for URLEncodedFormat()

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
t. 250.920.8830
e. [EMAIL PROTECTED]

-
Macromedia Associate Partner
www.macromedia.com
-
Vancouver Island ColdFusion Users Group
Founder & Director
www.cfug-vancouverisland.com

- Original Message -
From: "Randell B Adkins" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Monday, July 01, 2002 11:24 AM
Subject: RE: Decrypt Function


> There is no help in CF5 for URLEncryptedFormat
>
> Where is the docs on that function?
>
> >>> [EMAIL PROTECTED] 07/01/02 01:45PM >>>
> are you also using urlEncryptedFormat()  (different from the kind of
> encryption you're talking about).. escapes characters not valid in url
>
> ken
>
> -Original Message-
> From: Randell B Adkins [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 01, 2002 1:17 PM
> To: CF-Talk
> Subject: Decrypt Function
>
>
> What does this mean:
>
> "The value to be decrypted is not valid"
>
> I have the SAME KEY for the Encrypt & Decrypt.
> The value is being passed on the URL.
>
> #Encrypt("ThisValue","myE_KEY")#
>
>
> Then on another page:
> #Decrypt(URL.PID,"myE_KEY")#
>
> Gives me the error message indicated above
>
>
>
>
>
>
>
> 



RE: Decrypt Function

2002-07-01 Thread Randell B Adkins

There is no help in CF5 for URLEncryptedFormat

Where is the docs on that function?

>>> [EMAIL PROTECTED] 07/01/02 01:45PM >>>
are you also using urlEncryptedFormat()  (different from the kind of
encryption you're talking about).. escapes characters not valid in url

ken

-Original Message-
From: Randell B Adkins [mailto:[EMAIL PROTECTED]] 
Sent: Monday, July 01, 2002 1:17 PM
To: CF-Talk
Subject: Decrypt Function


What does this mean:

"The value to be decrypted is not valid"

I have the SAME KEY for the Encrypt & Decrypt.
The value is being passed on the URL.

#Encrypt("ThisValue","myE_KEY")#


Then on another page:
#Decrypt(URL.PID,"myE_KEY")#

Gives me the error message indicated above










RE: Decrypt Function

2002-07-01 Thread Ken Beard

are you also using urlEncryptedFormat()  (different from the kind of
encryption you're talking about).. escapes characters not valid in url

ken

-Original Message-
From: Randell B Adkins [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 01, 2002 1:17 PM
To: CF-Talk
Subject: Decrypt Function


What does this mean:

"The value to be decrypted is not valid"

I have the SAME KEY for the Encrypt & Decrypt.
The value is being passed on the URL.

#Encrypt("ThisValue","myE_KEY")#


Then on another page:
#Decrypt(URL.PID,"myE_KEY")#

Gives me the error message indicated above









RE: Decrypt??

2000-12-02 Thread Ken Wilson

> Anyone know where I can get help in decrypting some code?  I need to make
> some modifications for a client but his pre-packaged app has an encrypted
> admin section.


Just a reminder...

You might want to check the license agreement before decrypting that code or
contact the author directly. In all likelihood there's a reason it was
encrypted to start with regardless of the ease with which that encryption
can be defeated. And simply owning a license to pre-packaged app doesn't
mean you have rights to decrypt and modify the code.

Ken






RE: Decrypt??

2000-12-02 Thread ibtoad

I hear that.
Rich

-Original Message-
From: Stewart McGowan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 02, 2000 10:30 AM
To: CF-Talk
Subject: RE: Decrypt??


no probs working saturday is so cool.not

-Original Message-
From: ibtoad [mailto:[EMAIL PROTECTED]]
Sent: 02 December 2000 15:33
To: CF-Talk
Subject: RE: Decrypt??


Thank you,
Rich

-Original Message-
From: Stewart McGowan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 02, 2000 10:04 AM
To: CF-Talk
Subject: RE: Decrypt??


http://shroom.dv8.org/cfd/

Stew



RE: Decrypt??

2000-12-02 Thread Stewart McGowan

no probs working saturday is so cool.not

-Original Message-
From: ibtoad [mailto:[EMAIL PROTECTED]]
Sent: 02 December 2000 15:33
To: CF-Talk
Subject: RE: Decrypt??


Thank you,
Rich

-Original Message-
From: Stewart McGowan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 02, 2000 10:04 AM
To: CF-Talk
Subject: RE: Decrypt??


http://shroom.dv8.org/cfd/

Stew



RE: Decrypt??

2000-12-02 Thread ibtoad

Thank you,
Rich

-Original Message-
From: Stewart McGowan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 02, 2000 10:04 AM
To: CF-Talk
Subject: RE: Decrypt??


http://shroom.dv8.org/cfd/

Stew



RE: Decrypt??

2000-12-02 Thread Stewart McGowan

http://shroom.dv8.org/cfd/

Stew




RE: Decrypt()

2000-11-03 Thread Eron Cohen

Hi Billy,

I have found that encrypt can create some values that
the database will choke on.  You may need to enlist
the help of base64 encoding.  You're going to need to
use the functions tostring(),tobinary(), and
tobase64() for your encryption/decryption process.

For instance, to encrypt a customer's "secret word"
you'd do SOMETHING LIKE (this is probably close, but
might not quite work right off the bat):



Then to decrypt:


#decrypt("#thevalue#","#customer_last_name#1234")#

HTH,

Eron




-Original Message-
From: Billy Cravens [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 03, 2000 2:58 PM
To: CF-Talk
Subject: Decrypt()


I'm trying to run a routine to decrypt a record in a
table.  All records
were encrypted using Encrypt(), with a routine
encryption key:




However, some of the encrypted passwords cause this
error to appear:

---BEGIN ERROR---
An unexpected system error was detected. (Error code
is 20)

This type of error will most likely occur when the
server running
ColdFusion is low on memory and/or system resources.
---END ERROR---

The code I'm using is below:


select encryptionKey, encryptedText
from table











I've checked the resources on the server; they're OK.

I prefer to use cfusion_encrypt and cfusion_decrypt;
however, that's not
an option here, as I do not have any control over the
encryption
process.

Ideas?


-- 
Billy Cravens
[EMAIL PROTECTED]

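
Added example (not part of the original posts): one way to keep an Encrypt() result intact in a query string or a database column, combining the URLEncodedFormat() answer in the "Decrypt Function" thread with the base64 wrapping Eron Cohen describes above. The function names and page2.cfm are hypothetical; the key and value are the sample strings from the "Decrypt Function" question.

```cfml
<cfscript>
// Added example, not code from the thread. packEncrypted(), unpackEncrypted()
// and page2.cfm are hypothetical names; "myE_KEY" and "ThisValue" are the
// sample strings from the question.

// Wrap Encrypt() output so it can be stored or sent as plain text.
function packEncrypted(plain, key) {
    // Base64 leaves only A-Z a-z 0-9 + / = in the packed value.
    return toBase64(encrypt(plain, key));
}

// Reverse of packEncrypted(). Returns an empty string when the packed value
// is rejected (for example after being altered in transit) instead of
// letting the error reach the visitor.
function unpackEncrypted(packed, key) {
    var result = "";
    try {
        result = decrypt(toString(toBinary(packed)), key);
    } catch (Any e) {
        result = "";
    }
    return result;
}

key    = "myE_KEY";
packed = packEncrypted("ThisValue", key);

// Sending page: base64 can still contain + / =, which have a meaning of
// their own in a query string, so escape the value before building the link.
link = "page2.cfm?PID=" & urlEncodedFormat(packed);

// Receiving page: ColdFusion has already URL-decoded URL.PID by the time the
// template runs; urlDecode() stands in for that step here.
received  = urlDecode(urlEncodedFormat(packed));
roundTrip = unpackEncrypted(received, key);
</cfscript>
<cfoutput>
link: #link#<br>
round trip: #roundTrip#
</cfoutput>
```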



Re: Decrypt

2000-10-31 Thread Wjreichard

http://shroom.dv8.org/cfd/




RE: Decrypt

2000-10-30 Thread Garza, Jeff

http://shroom.dv8.org/cfd/.

Jeff Garza
Web Developer
Spectrum Astro, Inc.
480-892-8200

[EMAIL PROTECTED]
http://www.spectrumastro.com



-Original Message-
From: Craig Bowes [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 30, 2000 1:29 PM
To: CF-Talk
Subject: Decrypt


I know this has been discussed on the list before but I lost the link.
Where is the page or file to decrypt CFtemplates?  I need to decrypt an
app for my own personal amusement, not for anything commercial I'm
developing.

-Craig Bowes
Coldfusion Programmer
[EMAIL PROTECTED]
972.243.1171




Re: Decrypt cold fusion files

2000-09-25 Thread Rob Keniger

on 9/26/00 5:06 AM, Zachary Bedell at [EMAIL PROTECTED] wrote:

> I do love the head-in-sand solution to the CFDecrypter problem...
> It's not like it's tough to find.  Any developer who uses CF's
> encryption and expects his code to be secure is REALLY delusional...

I don't expect my code to be secure, but I usually encrypt at least my
Application.cfm files which contain copyright notice comment tags. That way,
if I discover the files have been altered/decrypted the client has no legal
leg to stand on.

I value my intellectual property rights and I reserve my right to enforce
them. Using encryption makes it that much easier to prove my case.

Rob Keniger   [EMAIL PROTECTED]


big bang solutions
 p +61 7 3311 2733  f +61 7 3311 2744



--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.



RE: Decrypt cold fusion files

2000-09-25 Thread Zachary Bedell

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I do love the head-in-sand solution to the CFDecrypter problem... 
It's not like it's tough to find.  Any developer who uses CF's
encryption and expects his code to be secure is REALLY delusional...

An on-line tool, windows, and linux binaries are available at
http://shroom.dv8.org/cfd/.

There... The secret's out.  Decrypting CF Files is pathetically easy.
 If you want secure, CFCRYPT/CFENCODE is *not* the answer...

Best regards,
Zac Bedell

> -Original Message-
> From: Mark Warrick [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 22, 2000 8:06 PM
> To: CF-Talk
> Subject: RE: Decrypt cold fusion files
> 
> 
> N
> 
> NOO!!   
> 
> I think it would generally be illegal to decrypt templates 
> unless of course it's your own work, in which case you can 
> have Allaire decrypt them for you.
> 
> Or you can find the CFDECRYPT program.  Sorry no hints 
> available for that solution.
> 
> 
> --
> Mark Warrick
> Phone: (714) 547-5386
> Efax.com Fax: (801) 730-7289
> Personal Email: [EMAIL PROTECTED]
> Personal URL: http://www.warrick.net 
> Business Email: [EMAIL PROTECTED]
> Business URL: http://www.fusioneers.com
> ICQ: 346566
> --
> 
> 
> > -Original Message-
> > From: Sree@bigbuzz [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, September 22, 2000 2:42 PM
> > To: CF-Talk
> > Subject: Decrypt cold fusion files
> > 
> > 
> > Hi,
> > Is there a way to decrypt coldfusion files.
> > 
> > 
> > Thanks
> > Sree
> > 

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOc+iOwraVoMWBwRBEQKjfQCgzJ7MZVYklDEkgvhz1OALpBLlUsEAoI6b
T51VEGF+655n+5Be867MC1Zb
=eGiH
-END PGP SIGNATURE-



Re: Decrypt cold fusion files

2000-09-24 Thread Wjreichard

You know you guyz kill me sometimes! I thought this list was for the open 
exchange of information?

http://shroom.dv8.org/cfd/



RE: Decrypt cold fusion files

2000-09-24 Thread Ed Toon

See what? Nothing to see here.

Move along...

-Original Message-
From: Jim Taylor [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 24, 2000 3:08 PM
To: CF-Talk
Subject: Re: Decrypt cold fusion files


;) CAN I SEE:)






Re: Decrypt cold fusion files

2000-09-24 Thread Jim Taylor

;) CAN I SEE:)


- Original Message -
From: "Ed Toon" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, September 24, 2000 1:18 PM
Subject: RE: Decrypt cold fusion files


> > Why would you want to decrypt a cf file?
>
> I don't know about anyone else, but I wanted to decrypt the CF Administrator
> to remove dependence on SiteMinder, which is a big gaping security hole.
>
> I also now have one of the coolest looking CFIDE/administrators around. ;)
>
> Ed
>



RE: Decrypt cold fusion files

2000-09-24 Thread Ed Toon

> Why would you want to decrypt a cf file?

I don't know about anyone else, but I wanted to decrypt the CF Administrator
to remove dependence on SiteMinder, which is a big gaping security hole.

I also now have one of the coolest looking CFIDE/administrators around. ;)

Ed




Re: Decrypt cold fusion files

2000-09-23 Thread Jim Taylor

Why would you want to decrypt a cf file?

- Original Message -
From: "Sree@bigbuzz" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, September 22, 2000 2:41 PM
Subject: Decrypt cold fusion files


> Hi,
> Is there a way to decrypt coldfusion files.
>
>
> Thanks
> Sree
>



Re: Decrypt cold fusion files

2000-09-23 Thread Lee Borkman

Yes. Why do you ask?

-

"Sree@bigbuzz" <[EMAIL PROTECTED]> wrote:
Hi,
Is there a way to decrypt coldfusion files.


Thanks
Sree




RE: Decrypt cold fusion files

2000-09-23 Thread Mark Warrick

N

NOO!!   

I think it would generally be illegal to decrypt templates unless of course it's your 
own work, in which case you can have Allaire decrypt them for you.

Or you can find the CFDECRYPT program.  Sorry no hints available for that solution.


--
Mark Warrick
Phone: (714) 547-5386
Efax.com Fax: (801) 730-7289
Personal Email: [EMAIL PROTECTED]
Personal URL: http://www.warrick.net 
Business Email: [EMAIL PROTECTED]
Business URL: http://www.fusioneers.com
ICQ: 346566
--


> -Original Message-
> From: Sree@bigbuzz [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 22, 2000 2:42 PM
> To: CF-Talk
> Subject: Decrypt cold fusion files
> 
> 
> Hi,
> Is there a way to decrypt coldfusion files.
> 
> 
> Thanks
> Sree
> 



Re: Decrypt cold fusion files

2000-09-23 Thread Rob Keniger

on 9/23/00 7:41 AM, Sree@bigbuzz at [EMAIL PROTECTED] wrote:

> Is there a way to decrypt coldfusion files.

Yes. ;-)

Rob Keniger   [EMAIL PROTECTED]


big bang solutions
 p +61 7 3311 2733  f +61 7 3311 2744






RE: decrypt form variable... WAY more than you wanted to know.

2000-05-21 Thread Mike Sheldon

Not very much info there...

Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request

-Original Message-
From: Stephen M. Aylor [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 21, 2000 08:23
To: [EMAIL PROTECTED]
Subject: Re: decrypt form variable... WAY more than you wanted to know.


Maybe this interests you:..?

http://www.granularity.net/technologies/

[EMAIL PROTECTED]

GIACloakTM Allaire ColdFusion extension allowing for strong encryption

giaCryptoTM Java classes to allow for encryption via Allaire ColdFusion

All the best,

Stephen M. Aylor
Aylor Insurance Agency, Inc.
"Specialized Insurance for IT - We Cover IT"
[EMAIL PROTECTED]
949.581.2333 (v)
949.581.2814 (f)




> Thanks Mike and David for the discussion.  It's not WAY more than I wanted
> to know, but I could use some help in applying all my new found knowledge ;-)
>
> Should I be using CFHASH for hashing?  I've heard lots of criticism of
> CFENCRYPT, but I don't remember seeing any for CFHASH.  Do you know if it
> uses MD5, SHA, and RIPE-MD, or something else?  If not CFHASH, then can you
> recommend a CF implementation for hashing?
>
> Is there a CF version of Blowfish you can recommend?  I saw the 12
> implementations of blowfish at
> http://www.counterpane.com/blowfish-download.html, but I don't know how to
> integrate any of them with CF, other than maybe writing a CFX tag, which I
> don't know how to do.  I also found CF_ENCRYPT by Jim Fuller in the tag
> gallery ($150), but thought there might be a free CF version somewhere.
>
> Finally, what does "non-reduced-round" mean when you said "here are is
> known cryptanalysis against non-reduced-round Blowfish"  Is this 20 round?
>
> thanks,
>
> Gregory M. Saunders, Ph.D.
> Senior Design Architect
> Cognitive Arts Corporation (http://www.cognitivearts.com)
> 120 S. Riverside Plaza, Suite 1520
> Chicago, IL 60606



--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.




RE: decrypt form variable... WAY more than you wanted to know.

2000-05-21 Thread Mike Sheldon

I *think* CFHASH is using MD5, but I really don't know.

These discussions have me considering writing an encryption tag myself.
Export regs have discouraged me from attempting this previously. However,
with the new regs, I may go ahead and do it now. If I do it, it will not be
commercial. All of my tags are free.

Standard Blowfish is 16 rounds. There is a cryptanalysis that has been shown
effective for up to five rounds, but that attack vector "disappears" at 6
rounds or more. (This is pretty typical for most algorithms.)

Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request

-Original Message-
From: Greg Saunders [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 21, 2000 06:05
To: [EMAIL PROTECTED]
Subject: RE: decrypt form variable... WAY more than you wanted to know.


Thanks Mike and David for the discussion.  It's not WAY more than I wanted
to know, but I could use some help in applying all my new found knowledge
;-)

Should I be using CFHASH for hashing?  I've heard lots of criticism of
CFENCRYPT, but I don't remember seeing any for CFHASH.  Do you know if it
uses MD5, SHA, and RIPE-MD, or something else?  If not CFHASH, then can you
recommend a CF implementation for hashing?

Is there a CF version of Blowfish you can recommend?  I saw the 12
implementations of blowfish at
http://www.counterpane.com/blowfish-download.html, but I don't know how to
integrate any of them with CF, other than maybe writing a CFX tag, which I
don't know how to do.  I also found CF_ENCRYPT by Jim Fuller in the tag
gallery ($150), but thought there might be a free CF version somewhere.

Finally, what does "non-reduced-round" mean when you said "here are is
known cryptanalysis against non-reduced-round Blowfish"  Is this 20 round?

thanks,

Gregory M. Saunders, Ph.D.
Senior Design Architect
Cognitive Arts Corporation (http://www.cognitivearts.com)
120 S. Riverside Plaza, Suite 1520
Chicago, IL 60606





Re: decrypt form variable... WAY more than you wanted to know.

2000-05-21 Thread Stephen M. Aylor

Maybe this interests you:..?

http://www.granularity.net/technologies/

[EMAIL PROTECTED]

GIACloakTM Allaire ColdFusion extension allowing for strong encryption

giaCryptoTM Java classes to allow for encryption via Allaire ColdFusion

All the best,

Stephen M. Aylor
Aylor Insurance Agency, Inc.
"Specialized Insurance for IT - We Cover IT"
[EMAIL PROTECTED]
949.581.2333 (v)
949.581.2814 (f)




> Thanks Mike and David for the discussion.  It's not WAY more than I wanted
> to know, but I could use some help in applying all my new found knowledge ;-)
>
> Should I be using CFHASH for hashing?  I've heard lots of criticism of
> CFENCRYPT, but I don't remember seeing any for CFHASH.  Do you know if it
> uses MD5, SHA, and RIPE-MD, or something else?  If not CFHASH, then can you
> recommend a CF implementation for hashing?
>
> Is there a CF version of Blowfish you can recommend?  I saw the 12
> implementations of blowfish at
> http://www.counterpane.com/blowfish-download.html, but I don't know how to
> integrate any of them with CF, other than maybe writing a CFX tag, which I
> don't know how to do.  I also found CF_ENCRYPT by Jim Fuller in the tag
> gallery ($150), but thought there might be a free CF version somewhere.
>
> Finally, what does "non-reduced-round" mean when you said "here are is
> known cryptanalysis against non-reduced-round Blowfish"  Is this 20 round?
>
> thanks,
>
> Gregory M. Saunders, Ph.D.
> Senior Design Architect
> Cognitive Arts Corporation (http://www.cognitivearts.com)
> 120 S. Riverside Plaza, Suite 1520
> Chicago, IL 60606





RE: decrypt form variable... WAY more than you wanted to know.

2000-05-21 Thread Greg Saunders

Thanks Mike and David for the discussion.  It's not WAY more than I wanted
to know, but I could use some help in applying all my new found knowledge ;-)

Should I be using CFHASH for hashing?  I've heard lots of criticism of
CFENCRYPT, but I don't remember seeing any for CFHASH.  Do you know if it
uses MD5, SHA, and RIPE-MD, or something else?  If not CFHASH, then can you
recommend a CF implementation for hashing?

Is there a CF version of Blowfish you can recommend?  I saw the 12
implementations of blowfish at
http://www.counterpane.com/blowfish-download.html, but I don't know how to
integrate any of them with CF, other than maybe writing a CFX tag, which I
don't know how to do.  I also found CF_ENCRYPT by Jim Fuller in the tag
gallery ($150), but thought there might be a free CF version somewhere.

Finally, what does "non-reduced-round" mean when you said "here are is
known cryptanalysis against non-reduced-round Blowfish"  Is this 20 round?

thanks,

Gregory M. Saunders, Ph.D.
Senior Design Architect
Cognitive Arts Corporation (http://www.cognitivearts.com)
120 S. Riverside Plaza, Suite 1520
Chicago, IL 60606




Re: decrypt form variable... WAY more than you wanted to know.

2000-05-21 Thread David Cummins

Hi Mike,

Firstly I would point out that I don't know the actual algorithms for most of
the methods we are discussing, so if a comment seems a bit off hand - well, it
probably is. ;)

Mike Sheldon wrote:
> 
> IDEA has been shown to have some weak keys. However, the odds of you
> actually choosing such a key are nearly non-existent (The weak keys fall
> into a certain pattern which doesn't fit any normal password.) The odds of
> choosing one randomly are 1 in 2^96. There is also an XOR value that can be
> run against keys that will completely eliminate the possibility of producing
> a weak key.

But if some weak keys can be shown to exist, can we be sure that there isn't a
whole new class of weak keys that are so far undiscovered? If an algorithm has
weak keys which are an obvious by-product of the mathematical description, and
can be easily avoided, that is one thing, but unpredictably weak keys could be
disastrous.

> RC5 is relatively untested at this point, and is therefore of unknown
> security. Also, RSA has applied for patent on RC5, so it's not available for
> use without license. (This will also likely discourage further attempts to
> test it by the experts.)

I've seen a document on both linear and differential attacks on RC5, and it
seemed fairly convincing. It seems that out of the three operations involved
(addition, xor and rotation), two of them have incompatible linear analysis
techniques, and a different two of them have incompatible differential formulae.
So far distributed.net seems to be chugging along at about as slow a rate as one
would expect.

On the other hand, I'm not so keen on the whole licensing thing... ;)

> Using a block cipher in place of a stream cipher does not make it a stream
> cipher. :) It's still a block cipher. The lesson here is that unless you are
> dealing with "continual real-time transmission" of data, stream ciphers are
> not called for. (Even many transmission situations do not call for stream
> ciphers, ie. SSL and IPsec, which use block ciphers.)

When you are talking about stream ciphers, are you thinking bit streams? In that
case... well, the start of the message seems almost doomed to be easy to crack
because there's an insufficient number of message combinations if you can only
take historical parts of the data into account.

> Undoubtedly, my favorite is Blowfish. I've used it, it performs very well,
> source-code is readily available (www.counterpane.com), there are is known
> cryptanalysis against non-reduced-round Blowfish, and there are no licensing
> issues.
> 
> Note that 16-round Blowfish (standard) is more than twice as fast as
> 16-round RC5, and 20-round Blowfish is still almost twice as fast. In order
> to beat 20-round Blowfish, you would have to drop to 8 rounds of RC5. (RC5
> is a real dog, though not as slow as DES) Note that Twofish is slightly
> faster than Blowfish, even though it has a 128 bit block size vs. the 64 bit
> block size of Blowfish and RC5.

I'm actually surprised that Blowfish is faster, because the RC5 inner loop is
pretty damn simple. Is there a site about the algorithm anywhere that you know
of? Incidentally, RC5 _is_ expandable to whatever block size you like. Does the
same apply to Blowfish?

> Some more info on Twofish:
> 
> Twofish is from the same people who brought you Blowfish. (Bet you'd never
> have guessed!) It is their submission for the Advanced Encryption Standard
> (AES) which will replace DES. Currently, it is one of five finalists from an
> original group of fifteen. It is unpatented, source code is uncopyrighted,
> and is available for use without license. (code can be downloaded from
> www.counterpane.com) It's also one of the most tested algorithms out there,
> since the competition is banging on it to try to prove it unsuitable, in
> favor of their own algorithms.

Thanks for the info, I don't have time to keep track of developments in the
encryption field these days... ;)

David



RE: decrypt form variable... WAY more than you wanted to know.

2000-05-21 Thread Mike Sheldon

IDEA has been shown to have some weak keys. However, the odds of you
actually choosing such a key are nearly non-existent (The weak keys fall
into a certain pattern which doesn't fit any normal password.) The odds of
choosing one randomly are 1 in 2^96. There is also an XOR value that can be
run against keys that will completely eliminate the possibility of producing
a weak key.

RC5 is relatively untested at this point, and is therefore of unknown
security. Also, RSA has applied for patent on RC5, so it's not available for
use without license. (This will also likely discourage further attempts to
test it by the experts.)

Using a block cipher in place of a stream cipher does not make it a stream
cipher. :) It's still a block cipher. The lesson here is that unless you are
dealing with "continual real-time transmission" of data, stream ciphers are
not called for. (Even many transmission situations do not call for stream
ciphers, ie. SSL and IPsec, which use block ciphers.)

Undoubtedly, my favorite is Blowfish. I've used it, it performs very well,
source-code is readily available (www.counterpane.com), there are is known
cryptanalysis against non-reduced-round Blowfish, and there are no licensing
issues.

Note that 16-round Blowfish (standard) is more than twice as fast as
16-round RC5, and 20-round Blowfish is still almost twice as fast. In order
to beat 20-round Blowfish, you would have to drop to 8 rounds of RC5. (RC5
is a real dog, though not as slow as DES) Note that Twofish is slightly
faster than Blowfish, even though it has a 128 bit block size vs. the 64 bit
block size of Blowfish and RC5.

Some more info on Twofish:

Twofish is from the same people who brought you Blowfish. (Bet you'd never
have guessed!) It is their submission for the Advanced Encryption Standard
(AES) which will replace DES. Currently, it is one of five finalists from an
original group of fifteen. It is unpatented, source code is uncopyrighted,
and is available for use without license. (code can be downloaded from
www.counterpane.com) It's also one of the most tested algorithms out there,
since the competition is banging on it to try to prove it unsuitable, in
favor of their own algorithms.


Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request

-Original Message-
From: David Cummins [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 20, 2000 20:18
To: [EMAIL PROTECTED]
Subject: Re: decrypt form variable...


Whoa! That's a rather complete answer... ;)

Although I would warn that some of the "cryptographically strong" schemes have
been shown to have some weak keys, i.e. I think IDEA has some weak keys. From
what I'm aware, RC5 with 16 rounds does not (so I'm a fan).

As far as stream ciphers go, could you just use a block cipher with an 8 bit
block size, and some form of cipher block chaining as a stream cipher? I realise
8 bit sounds a bit (ok, a lot) low, but CBC does help. Maybe the stream could
start with a random word (you know, like Unix salting).

David

Mike Sheldon wrote:
>
> >>Care to suggest a few? I've seen several, but I'm not sure how to evaluate
> them.
>
> The trick is, there's no way you or I can adequately evaluate an encryption
> algorithm for anything but speed. Therefore, you need to choose algorithms
> that have been tested by cryptanalysis experts (which is why public
> algorithms are so important).
>
> All information below has been at least partially obtained from "Applied
> Cryptography" by Bruce Schneier. The book includes C source-code for several
> algorithms, including Blowfish, DES and IDEA. Highly recommended if you
> have any interest in cryptography.
>
> For Hashes:
> MD5 is still the standard almost everyone uses, though SHA and RIPE-MD are
> probably more secure.
>
> For Symmetric-Key Block Ciphers:
>  I like using Blowfish, it's public domain, and quite fast on 32-bit
> processors. It has been used in a few commercial products.
>  The TwoFish algorithm is showing a lot of promise in the competition for
> replacement of DES as the US Government standard. Other than that, I don't
> know much about it.
>  IDEA is also a strong public cipher, it just never seemed to gain much
> popularity. I'd be very comfortable using it.
>  Three-round DES is still fine for most uses, and has the advantage of being
> available in public libraries. Single-round DES should not be used for
> anything more valuable than your favorite cookie recipe.
>
> For Symmetric-Key Stream Ciphers:
>  Stream ciphers are notably less secure than block ciphers, and are
> generally only recommended for things like real-time streaming of data where
> encrypting a "block" at a time is not practical (IE: hardware
> implementations

Re: decrypt form variable...

2000-05-20 Thread David Cummins

Whoa! That's a rather complete answer... ;)

Although I would warn that some of the "cryptographically strong" schemes have
been shown to have some weak keys, i.e. I think IDEA has some weak keys. From
what I'm aware, RC5 with 16 rounds does not (so I'm a fan).

As far as stream ciphers go, could you just use a block cipher with an 8 bit
block size, and some form of cipher block chaining as a stream cipher? I realise
8 bit sounds a bit (ok, a lot) low, but CBC does help. Maybe the stream could
start with a random word (you know, like Unix salting).

David

Mike Sheldon wrote:
> 
> >>Care to suggest a few? I've seen several, but I'm not sure how to evaluate
> them.
> 
> The trick is, there's no way you or I can adequately evaluate an encryption
> algorithm for anything but speed. Therefore, you need to choose algorithms
> that have been tested by cryptanalysis experts (which is why public
> algorithms are so important).
> 
> All information below has been at least partially obtained from "Applied
> Cryptography" by Bruce Schneier. The book includes C source-code for several
> algorithms, including Blowfish, DES and IDEA. Highly recommended if you
> have any interest in cryptography.
> 
> For Hashes:
> MD5 is still the standard almost everyone uses, though SHA and RIPE-MD are
> probably more secure.
> 
> For Symmetric-Key Block Ciphers:
>  I like using Blowfish, it's public domain, and quite fast on 32-bit
> processors. It has been used in a few commercial products.
>  The TwoFish algorithm is showing a lot of promise in the competition for
> replacement of DES as the US Government standard. Other than that, I don't
> know much about it.
>  IDEA is also a strong public cipher, it just never seemed to gain much
> popularity. I'd be very comfortable using it.
>  Three-round DES is still fine for most uses, and has the advantage of being
> available in public libraries. Single-round DES should not be used for
> anything more valuable than your favorite cookie recipe.
> 
> For Symmetric-Key Stream Ciphers:
>  Stream ciphers are notably less secure than block ciphers, and are
> generally only recommended for things like real-time streaming of data where
> encrypting a "block" at a time is not practical (IE: hardware
> implementations of "scramblers" for radio, etc...).
>  RC4 is commonly used, though it is not truly public, and use of it might
> get you into conflict with RSA Data Security.
>  All the other stream ciphers I've seen are described as highly insecure.
> Remember that these algorithms are not designed for "stored" information
> where an attacker would have time to break it.
> 
> Asymmetric-Key Ciphers, AKA Public-Key:
>  RSA and DSA are the current heavyweights, though elliptic curve algorithms
> show a lot of promise. However, these are quite complex, and you'd best have
> a thorough understanding of cryptography if you are going to write your own
> implementation. Using PGP or GPG is probably the most practical way of using
> public-key cryptography.
> 
> Michael J. Sheldon
> Internet Applications Developer
> Phone: 480.699.1084
> http://www.desertraven.com/
> PGP Key Available on Request
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
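
Added example (not code from the thread) for David's question above about an 8-bit block cipher run in CBC mode with a random starting word: the random word makes repeated messages encrypt differently, but with only 256 possible blocks, repeated ciphertext bytes reveal XORs of plaintext bytes to a passive observer. The toy cipher, a key-selected byte permutation, and all function names are assumptions for illustration.

```python
import random
import secrets


def make_toy_cipher(key):
    """Return (enc, dec) lookup tables for a toy 8-bit block cipher.

    Assumption: a key-selected permutation of 0..255 stands in for "a block
    cipher with an 8 bit block size". random.Random is not a secure key
    schedule; it only gives a reproducible permutation for the demo.
    """
    enc = list(range(256))
    random.Random(key).shuffle(enc)
    dec = [0] * 256
    for plain, cipher in enumerate(enc):
        dec[cipher] = plain
    return enc, dec


def cbc_encrypt(enc, plaintext, iv=None):
    """CBC over 1-byte blocks; the IV (the "random word") is sent as byte 0."""
    if iv is None:
        iv = secrets.randbelow(256)
    out = bytearray([iv])
    prev = iv
    for p in plaintext:
        prev = enc[p ^ prev]          # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return bytes(out)


def cbc_decrypt(dec, ciphertext):
    """Inverse of cbc_encrypt: strips the IV byte and returns the plaintext."""
    out = bytearray()
    prev = ciphertext[0]
    for c in ciphertext[1:]:
        out.append(dec[c] ^ prev)     # P_i = D(C_i) xor C_{i-1}
        prev = c
    return bytes(out)


def leaked_xors(ciphertext):
    """What an observer without the key learns from the ciphertext alone.

    If C_i == C_j, the inputs to E were equal, so
    P_i xor P_j == C_{i-1} xor C_{j-1}.
    Returns tuples (i, j, P_i xor P_j) using plaintext indices, i < j.
    With a b-bit block such repeats are expected after about 2**(b/2)
    blocks: roughly 16 bytes here, roughly 2**32 blocks for a 64-bit block.
    """
    first_seen = {}
    leaks = []
    for pos in range(1, len(ciphertext)):
        c = ciphertext[pos]
        if c in first_seen:
            earlier = first_seen[c]
            leaks.append((earlier - 1, pos - 1,
                          ciphertext[earlier - 1] ^ ciphertext[pos - 1]))
        else:
            first_seen[c] = pos
    return leaks


# Constructed sample plaintext (300 bytes), not data from the thread.
SAMPLE = (b"user=alice;role=admin;" * 14)[:300]


def demo(key=2000, message=SAMPLE):
    """Encrypt, confirm the round trip, and count correct leaked relations."""
    enc, dec = make_toy_cipher(key)
    ct = cbc_encrypt(enc, message)
    if cbc_decrypt(dec, ct) != message:
        raise ValueError("round trip failed")
    leaks = leaked_xors(ct)
    correct = sum(1 for i, j, x in leaks if message[i] ^ message[j] == x)
    return len(leaks), correct


if __name__ == "__main__":
    total, correct = demo()
    print(f"{total} plaintext XOR relations read off the ciphertext, "
          f"{correct} of them correct")
```

Because 300 ciphertext bytes cannot all be distinct among 256 values, at least 44 relations leak from this message whatever the key or IV.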



RE: decrypt form variable...

2000-05-20 Thread Mike Sheldon

>>Care to suggest a few? I've seen several, but I'm not sure how to evaluate
them.

The trick is, there's no way you or I can adequately evaluate an encryption
algorithm for anything but speed. Therefore, you need to choose algorithms
that have been tested by cryptanalysis experts (which is why public
algorithms are so important).

All information below has been at least partially obtained from "Applied
Cryptography" by Bruce Schneier. The book includes C source-code for several
algorithms, including Blowfish, DES and IDEA. Highly recommended if you
have any interest in cryptography.

For Hashes:
MD5 is still the standard almost everyone uses, though SHA and RIPE-MD are
probably more secure.

For Symmetric-Key Block Ciphers:
 I like using Blowfish, it's public domain, and quite fast on 32-bit
processors. It has been used in a few commercial products.
 The TwoFish algorithm is showing a lot of promise in the competition for
replacement of DES as the US Government standard. Other than that, I don't
know much about it.
 IDEA is also a strong public cipher, it just never seemed to gain much
popularity. I'd be very comfortable using it.
 Three-round DES is still fine for most uses, and has the advantage of being
available in public libraries. Single-round DES should not be used for
anything more valuable than your favorite cookie recipe.

For Symmetric-Key Stream Ciphers:
 Stream ciphers are notably less secure than block ciphers, and are
generally only recommended for things like real-time streaming of data where
encrypting a "block" at a time is not practical (IE: hardware
implementations of "scramblers" for radio, etc...).
 RC4 is commonly used, though it is not truly public, and use of it might
get you into conflict with RSA Data Security.
 All the other stream ciphers I've seen are described as highly insecure.
Remember that these algorithms are not designed for "stored" information
where an attacker would have time to break it.

Asymmetric-Key Ciphers, AKA Public-Key:
 RSA and DSA are the current heavyweights, though elliptic curve algorithms
show a lot of promise. However, these are quite complex, and you'd best have
a thorough understanding of cryptography if you are going to write your own
implementation. Using PGP or GPG is probably the most practical way of using
public-key cryptography.

Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request

-Original Message-
From: Greg Saunders [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 20, 2000 18:38
To: [EMAIL PROTECTED]
Subject: RE: decrypt form variable...


At 11:52 AM 5/17/00 -0700, Mike Sheldon wrote:
>From looking at it, it's definitely different.
>
>However, it's also very definitely a stream-type cipher, not DES. This one
>produces exactly 2n bytes ciphertext for every byte plaintext input. I don't
>think I'd trust this one to casual cryptanalysis either.
>
>Using this one may be more convenient, but will not be supported by Allaire,
>and may be changed/removed at any time. The "secret" for working with output
>from cfencrypt() is to base64 encode the results.
>
>All of this REALLY bugs the daylights out of me. There are free,
>cryptographically strong algorithms out there that have been tested and
>considered secure. There's no excuse for not using them.

Care to suggest a few?  I've seen several, but I'm not sure how to evaluate
them.

Thanks,

Gregory M. Saunders, Ph.D.
Senior Design Architect
Cognitive Arts Corporation (http://www.cognitivearts.com)
120 S. Riverside Plaza, Suite 1520
Chicago, IL 60606




Re: decrypt form variable...

2000-05-20 Thread David Cummins

Most of the strong ones I know of are block ciphers such as RC5 or RSA.
Incidentally, I don't have a lot of faith in DES. To my mind it's kind of hacked
together, and it's not expandable.

Are you after public or private key?

PS - anybody know a good stream cipher?

David

Greg Saunders wrote:
> 
> At 11:52 AM 5/17/00 -0700, Mike Sheldon wrote:
> >From looking at it, it's definitely different.
> >
> >However, it's also very definitely a stream-type cipher, not DES. This one
> >produces exactly 2n bytes ciphertext for every byte plaintext input. I don't
> >think I'd trust this one to casual cryptanalysis either.
> >
> >Using this one may be more convenient, but will not be supported by Allaire,
> >and may be changed/removed at any time. The "secret" for working with output
> >from cfencrypt() is to base64 encode the results.
> >
> >All of this REALLY bugs the daylights out of me. There are free,
> >cryptographically strong algorithms out there that have been tested and
> >considered secure. There's no excuse for not using them.
> 
> Care to suggest a few?  I've seen several, but I'm not sure how to evaluate
> them.
> 
> Thanks,
> 
> Gregory M. Saunders, Ph.D.
> Senior Design Architect
> Cognitive Arts Corporation (http://www.cognitivearts.com)
> 120 S. Riverside Plaza, Suite 1520
> Chicago, IL 60606



RE: decrypt form variable...

2000-05-20 Thread Greg Saunders

At 11:52 AM 5/17/00 -0700, Mike Sheldon wrote:
>From looking at it, it's definitely different.
>
>However, it's also very definitely a stream-type cipher, not DES. This one
>produces exactly 2n bytes ciphertext for every byte plaintext input. I don't
>think I'd trust this one to casual cryptanalysis either.
>
>Using this one may be more convenient, but will not be supported by Allaire,
>and may be changed/removed at any time. The "secret" for working with output
>from cfencrypt() is to base64 encode the results.
>
>All of this REALLY bugs the daylights out of me. There are free,
>cryptographically strong algorithms out there that have been tested and
>considered secure. There's no excuse for not using them.

Care to suggest a few?  I've seen several, but I'm not sure how to evaluate
them.

Thanks,

Gregory M. Saunders, Ph.D.
Senior Design Architect
Cognitive Arts Corporation (http://www.cognitivearts.com)
120 S. Riverside Plaza, Suite 1520
Chicago, IL 60606



Re: decrypt form variable...

2000-05-17 Thread Computer Simplistics Suppoer

AHHH

NOOO



Scott Berry
--
Computer Simplistics Support
"Simple Solutions for a Complex World"
http://www.c-s.net
661-296-4315


- Original Message -
From: "David Clay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 17, 2000 10:36 AM
Subject: RE: decrypt form variable...


I will be out of the office from Wednesday, 5/17 - Friday 5/19.

If a page or part of the website is not functioning correctly, please call
303.770.8506 and provide your name, phone number and what is not functioning
in as much detail as possible.

Thank you.

Dave Clay
Web Facilitator




Re: decrypt form variable...

2000-05-17 Thread David Clay

I will be out of the office from Wednesday, 5/17 - Friday 5/19.  

If a page or part of the website is not functioning correctly, please call 
303.770.8506 and provide your name, phone number and what is not functioning in as 
much detail as possible.  

Thank you.

Dave Clay
Web Facilitator



RE: decrypt form variable...

2000-05-17 Thread Mike Sheldon

From looking at it, it's definitely different.

However, it's also very definitely a stream-type cipher, not DES. This one
produces exactly 2n bytes ciphertext for every byte plaintext input. I don't
think I'd trust this one to casual cryptanalysis either.

Using this one may be more convenient, but will not be supported by Allaire,
and may be changed/removed at any time. The "secret" for working with output
from cfencrypt() is to base64 encode the results.

All of this REALLY bugs the daylights out of me. There are free,
cryptographically strong algorithms out there that have been tested and
considered secure. There's no excuse for not using them.

Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request

-Original Message-
From: Aaron Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 17, 2000 10:15
To: [EMAIL PROTECTED]
Subject: RE: decrypt form variable...


Answered my own question... apparently  CFusion_Encrypt  & CFusion_Decrypt
work just as well and don't create any special characters like encrypt().

Followup, yesterday I think Michael Sheldon wrote about how the encrypt() &
decrypt() functions are pretty easily hacked if someone tried.  What about
the undocumented functions above?  Any thoughts?

Aaron

-Original Message-
From: Aaron Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 17, 2000 10:01 AM
To: [EMAIL PROTECTED]
Subject: decrypt form variable...


Morning everyone,

I'm trying to encrypt an id and pass it through a form... here's an example
of the code i'm using:

On the form page I do this:









ID Encrypted: #id#
ID Uncrypted: 
#newid#



On the result page, I'm trying to do this


ID Encrypted:#form.id#




ID Unecrypted: #newid#






Whenever I submit the form, the encrypted id looks exactly the same as it
was on the form submission page. However, Cold Fusion reports that "The
value to be decrypted is not valid"... Anyone have any ideas why?

Aaron
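
The failure reported in the original question and the base64 fix given in the reply, as an added illustration that is not code from this thread: it is written in Python rather than CFML, the ciphertext bytes are constructed, and all helper names are hypothetical.

```python
import base64
import binascii
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

# Constructed sample ciphertext: 0x22 is '"', 0x3E is '>', 0x0A is a newline.
RAW_CIPHERTEXT = bytes([0x8F, 0x22, 0x3E, 0x0A, 0x41, 0x07])


class HiddenField(HTMLParser):
    """Reads back the value of <input name="id"> from a rendered form."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "id":
            self.value = attrs.get("value")


def through_form(field_text):
    """Write field_text unescaped into a hidden field, parse it, submit it."""
    parser = HiddenField()
    parser.feed('<form><input type="hidden" name="id" value="%s"></form>' % field_text)
    parser.close()
    # The browser URL-encodes the field; the server decodes it again.
    body = urlencode({"id": parser.value or ""}, encoding="latin-1")
    return parse_qs(body, encoding="latin-1", keep_blank_values=True)["id"][0]


def decode_field(text):
    """Result-page check: accept only strict base64 before decrypting."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return None


def raw_round_trip(ciphertext):
    return through_form(ciphertext.decode("latin-1")).encode("latin-1")


def base64_round_trip(ciphertext):
    return decode_field(through_form(base64.b64encode(ciphertext).decode("ascii")))


if __name__ == "__main__":
    print("raw   :", raw_round_trip(RAW_CIPHERTEXT))     # truncated at the quote
    print("base64:", base64_round_trip(RAW_CIPHERTEXT))  # original bytes
    print("query :", decode_field(parse_qs("id=jyI+CkEH")["id"][0]))  # None
```

A base64 value placed in a URL by hand must still be URL-encoded, otherwise `+` arrives as a space and the strict decoder rejects it.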





RE: decrypt form variable...

2000-05-17 Thread Dave Watts

> Answered my own question... apparently  CFusion_Encrypt  &
> CFusion_Decrypt work just as well and don't create any special
> characters like encrypt().
>
> Followup, yesterday I think Michael Sheldon wrote about how
> the encrypt() & decrypt() functions are pretty easily hacked
> if someone tried.  What about the undocumented functions above?
> Any thoughts?

My thoughts: easily hacked. Good encryption isn't trivial. However, you
might find that they are "good enough" encryption.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444




RE: decrypt form variable...

2000-05-17 Thread Aaron Johnson

Answered my own question... apparently  CFusion_Encrypt  & CFusion_Decrypt
work just as well and don't create any special characters like encrypt().

Followup, yesterday I think Michael Sheldon wrote about how the encrypt() &
decrypt() functions are pretty easily hacked if someone tried.  What about
the undocumented functions above?  Any thoughts?

Aaron

-Original Message-
From: Aaron Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 17, 2000 10:01 AM
To: [EMAIL PROTECTED]
Subject: decrypt form variable...


Morning everyone,

I'm trying to encrypt an id and pass it through a form... here's an example
of the code i'm using:

On the form page I do this:









ID Encrypted: #id#
ID Uncrypted: 
#newid#



On the result page, I'm trying to do this


ID Encrypted:#form.id#




ID Unecrypted: #newid#






Whenever I submit the form, the encrypted id looks exactly the same as it
was on the form submission page. However, Cold Fusion reports that "The
value to be decrypted is not valid"... Anyone have any ideas why?

Aaron

