no it certainly is not useless. The whole point in hashing a value is so that it cannot be decrypted, typically this is used for passwords.
Imagine a hacker gets into your web app, which is extremely common, then all your encrypted data is useless, because he has access to your code and can decrypt it all at leisure. This is how all your personal data gets stolen or your identity. You signed up on some website that had poor security, the hackers got in and got their database, decrypted all the data, and got all your personal details including username/password.They will then typically take the username/password you used on this site and try it on other sites as well, so anywhere else you used the same login is now also compromised. Most decent websites these days will hash sensitive data so that it cannot be decrypted and stolen. Any code you do have which decrypts data, should be protected from prying eyes, in the case of CF you could compile the CFML to a java class and only upload that to the server, don;t think there is anything much better than that for CF sadly. Or with PHP you would use somehting like Ioncube. On Thu, Mar 12, 2015 at 12:59 PM, Rick Sanders <r...@webenergy.ca> wrote: > > So basically MD5 is useless if you can't decrypt the value! That sucks. > > Kind regards, > > Rick > > -----Original Message----- > From: Dave Watts [mailto:dwa...@figleaf.com] > Sent: Thursday, March 12, 2015 9:57 AM > To: cf-talk > Subject: Re: Decrypting MD5 > > > > I want to know if I can decrypt passwords stored as MD5 in a SQL > > Server database using the Decrypt function? There are online tools out > there that decrypt MD5 so I'm hoping that I can do this in CF. > > There are no tools that actually decrypt MD5 hashes, to the best of my > knowledge. MD5 is a hashing algorithm, not an encryption algorithm. It lets > you take a plaintext value and generates a hashed value, which cannot be > decrypted. > > These online tools don't decrypt MD5 hashes. Instead, they have large > databases of plaintext values and their corresponding MD5 hashes. When you > hash a value, you should always get the same hash, so these tools compare > the hash you provide against their database of existing hash values, and > then lookup the corresponding plaintext value. > > Dave Watts, CTO, Fig Leaf Software > 1-202-527-9569 > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business > (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- > authorized instruction at our training centers, online, or onsite. > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360244 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
