that will effect security of implementation. However, by the same token no
outside tag purchased or obtained from outside source can be marked secure
unless it went through rigorous code reading and testing. For this you need
even more experience in cryptography than for writing your own
implementation of blowfish. The bottom line is, you need to be an expert to
make a claim that something appears to be secure. Also, if by some chance
NP=P you better have a disclaimer ready :) In most cases you have to settle
for imaginary security, mainly because proving that you have some security
is just to darn expensive.
TK
-----Original Message-----
From: Ben Doom [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2003 10:47 AM
To: CF-Talk
Subject: Re: Blowfish Encryption in ColdFusion
Unless you've got experience writing encryption code, I'd probably avoid
rolling your own. This is one of those re-inventing the wheel scenarios
where if your wheel isn't perfect, it won't roll properly.
--Ben Doom
Tom Kitta wrote:
> How about just writing your own Blowfish algorithm implementation? I
know
> there are quite a few sites out there explaining in detail the ins and
outs
> of this particular encryption method (its popular).
>
> TK
> -----Original Message-----
> From: Jeffry Houser [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 17, 2003 9:58 AM
> To: CF-Talk
> Subject: Blowfish Encryption in ColdFusion
>
> Hi All,
>
> I hope someone has a potential solution. I'm working with a client.
We
> need to pass an encrypted string to one of their vendors. The vendor
> specified the encryption method (Blowfish) along with the key (aka
> passphrase) and an initialization vector (an 8 character string).
>
> After some research I came upon 3 options for Blowfish encryption in
> ColdFusion:
>
> CFX_Enigma
<http://www.cftagstore.com/index.cfm/page/viewtag/tagId/57>
> .. This was our first choice, and they went ahead and bought it. It
only
> accepts "Java Long Integer" for the initialization vector. The tag
spits
> up on our string. I e-mailed the developer, but haven't heard
anything
> back.
>
> cfX_crypt from the developer exchange:
>
>
<http://www.macromedia.com/cfusion/exchange/index.cfm?view=sn131&extID=10005
>
52#view=sn106&viewName=Exchange%20Search%20Details&loc=en_us&authorid=353425
>
81&page=0&scrollPos=0&subcatid=0&snid=sn106&itemnumber=0&extid=1003421&catid
> =0&extID=1000552>.
> I couldn't get CF to find the tag at all. Not sure why, I've never
had a
> problem installing custom tags before.
>
> cf_encrypt from the developer exchange:
>
>
<http://www.macromedia.com/cfusion/exchange/index.cfm?view=sn131&extID=10005
>
52#loc=en_us&view=sn131&extID=1000552&viewName=ColdFusion%20Extension&avm=1>
> .. This one we decided against because there is no way to get
> support. (The web-site link on the page is dead).
>
> So, my first question would be: Are there any other CF-based
options?
> The second question would be, where do I look next? Are there any
good
> resources out there for this type of thing?
>
> --
> Jeffry Houser, Web Developer <mailto:[EMAIL PROTECTED]>
> Aaron Skye, Guitarist / Songwriter <mailto:[EMAIL PROTECTED]>
> --
> AIM: Reboog711 | Phone: 1-203-379-0773
> --
> My Books: <http://www.instantcoldfusion.com>
> Recording Music: <http://www.fcfstudios.com>
> Original Energetic Acoustic Rock: <http://www.farcryfly.com>
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
