>From looking at it, it's definitely different.
However, it's also very definitely a stream-type cipher, not DES. This one
produces exactly 2n bytes ciphertext for every byte plaintext input. I don't
think I'd trust this one to casual cryptanalysis either.
Using this one may be more convenient, but will not be supported by Allaire,
and may be changed/removed at any time. The "secret" for working with output
from cfencrypt() is to base64 encode the results.
All of this REALLY bugs the daylights out of me. There are free,
cryptographically strong algorithms out there that have been tested and
considered secure. There's no excuse for not using them.
Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request
-----Original Message-----
From: Aaron Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 17, 2000 10:15
To: [EMAIL PROTECTED]
Subject: RE: decrypt form variable...
Answered my own question... apparently CFusion_Encrypt & CFusion_Decrypt
work just as well and don't create any special characters like encrypt().
Followup, yesterday I think Michael Sheldon wrote about how the encrypt() &
decrypt() functions are pretty easily hacked if someone tried. What about
the undocumented functions above? Any thoughts?
Aaron
-----Original Message-----
From: Aaron Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 17, 2000 10:01 AM
To: [EMAIL PROTECTED]
Subject: decrypt form variable...
Morning everyone,
I'm trying to encrypt an id and pass it through a form... here's an example
of the code i'm using:
On the form page I do this:
<cfset id = "stuff">
<cfset id = encrypt(id, 23421)>
<form action="form_encrypt_test.cfm" method="POST"
enctype="application/x-www-form-urlencoded">
<cfoutput><input type="Text" name="id" value="#id#"></cfoutput>
<input type="Submit" name="submit" value="submit">
</form>
<br>
<cfoutput>
ID Encrypted: #id#<br>
ID Uncrypted: <cfset newid = decrypt(id, 23421)>
#newid#
</cfoutput>
On the result page, I'm trying to do this
<cfoutput>
ID Encrypted:#form.id#<br>
<cfset newid = trim(form.id)>
<cfset newid = decrypt(newid, 23421)>
ID Unecrypted: #newid#
</cfoutput>
Whenever I submit the form, the encrypted id looks exactly the same as it
was on the form submission page. However, Cold Fusion reports that "The
value to be decrypted is not valid"... Anyone have any ideas why?
Aaron
----------------------------------------------------------------------------
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
----------------------------------------------------------------------------
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
