RE: does everyone always encrypt?? decrypter?

Wed, 26 Apr 2000 16:20:49 -0700 

Does this header act as an identifier to differentiate between various
flavors of encryption or is it just a standard DES header? If it is an
identifier, what are the other possibilities and where did you get this
information?

Part of the header is encrypted:

Allaire Cold Fusion Template
Header Size: New Versionٔ*�5&���5k�M� ... blah, blah, blah

Presumeably, this is DES. That being the case, CF must first decrypt the
message using DES. If it then came upon another form of encryption, it would
have to first identify that algorithm, unless it was already known, load
another decryption module, decrypt again, then execute the template. This
would incur additional overhead, varying upon what algorithm was used, which
would then effect the performance of the server.

Regards,

Steve


-----Original Message-----
From: Howie Hamlin [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 26, 2000 11:46 AM
To: [EMAIL PROTECTED]
Subject: Re: does everyone always encrypt?? decrypter?



----- Original Message -----
From: Steve Bernard <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 26, 2000 11:02 AM
Subject: RE: does everyone always encrypt?? decrypter?


> CF uses DES for encryption. This is used because it has good performance
> while maintaining decent encryption. The "cracker" as you put it simply
> decrypts DES. If Allaire were to change the encryption algorithm templates
> encrypted by the previous algorithm would no longer work unless the system
> first interrogated the file to discover it's encryption method. This would
> incur an unacceptable performance hit in high volume applications.

Not true.  Allaire does not simply encrypt the file as-is...they include a
custom header to the encrypted file which they use to easily determine the
encryption method.

Regards,

Howie

> Allaire has stated in the past that encrypting templates does not provide
> complete security, but it does provide enough so that the typical user can
> not read the plain text. Once someone has uninterrupted access to any code
> it is only a matter of time before it is cracked.
>
> Regards,
>
> Steve

------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit 
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a 
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.

Reply via email to