However, I would argue that a reasonably well known implentation of an
algorythm is less likely to be screwed up than, say, one I wrote from
scratch. Having implemented Blowfish in C/C++, I know how easy it is to
screw up. :-)
[Tom Kitta]
I guess odds are in favor of going with well known implementation, then
again, one must keep in mind my previous post.
In any case, if someone is looking for help with encryption libraries,
the chances are that this is one of their first excursions into
encryption, and they're probably not up to hammering out their own
custom solution.
[Tom Kitta]
I agree.
--Ben
Tom Kitta wrote:
> You are right, someone without experience will most likely make a mistake
> that will effect security of implementation. However, by the same token no
> outside tag purchased or obtained from outside source can be marked secure
> unless it went through rigorous code reading and testing. For this you
need
> even more experience in cryptography than for writing your own
> implementation of blowfish. The bottom line is, you need to be an expert
to
> make a claim that something appears to be secure. Also, if by some chance
> NP=P you better have a disclaimer ready :) In most cases you have to
settle
> for imaginary security, mainly because proving that you have some security
> is just to darn expensive.
>
> TK
> -----Original Message-----
> From: Ben Doom [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 17, 2003 10:47 AM
> To: CF-Talk
> Subject: Re: Blowfish Encryption in ColdFusion
>
> Unless you've got experience writing encryption code, I'd probably avoid
> rolling your own. This is one of those re-inventing the wheel scenarios
> where if your wheel isn't perfect, it won't roll properly.
>
> --Ben Doom
>
> Tom Kitta wrote:
>
> > How about just writing your own Blowfish algorithm implementation? I
> know
> > there are quite a few sites out there explaining in detail the ins and
> outs
> > of this particular encryption method (its popular).
> >
> > TK
> > -----Original Message-----
> > From: Jeffry Houser [mailto:[EMAIL PROTECTED]
> > Sent: Monday, November 17, 2003 9:58 AM
> > To: CF-Talk
> > Subject: Blowfish Encryption in ColdFusion
> >
> > Hi All,
> >
> > I hope someone has a potential solution. I'm working with a
client.
> We
> > need to pass an encrypted string to one of their vendors. The
vendor
> > specified the encryption method (Blowfish) along with the key (aka
> > passphrase) and an initialization vector (an 8 character string).
> >
> > After some research I came upon 3 options for Blowfish encryption
in
> > ColdFusion:
> >
> > CFX_Enigma
> <http://www.cftagstore.com/index.cfm/page/viewtag/tagId/57>
> > .. This was our first choice, and they went ahead and bought it.
It
> only
> > accepts "Java Long Integer" for the initialization vector. The tag
> spits
> > up on our string. I e-mailed the developer, but haven't heard
> anything
> > back.
> >
> > cfX_crypt from the developer exchange:
> >
> >
>
<http://www.macromedia.com/cfusion/exchange/index.cfm?view=sn131&extID=10005
> >
>
52#view=sn106&viewName=Exchange%20Search%20Details&loc=en_us&authorid=353425
> >
>
81&page=0&scrollPos=0&subcatid=0&snid=sn106&itemnumber=0&extid=1003421&catid
> > =0&extID=1000552>.
> > I couldn't get CF to find the tag at all. Not sure why, I've never
> had a
> > problem installing custom tags before.
> >
> > cf_encrypt from the developer exchange:
> >
> >
>
<http://www.macromedia.com/cfusion/exchange/index.cfm?view=sn131&extID=10005
> >
>
52#loc=en_us&view=sn131&extID=1000552&viewName=ColdFusion%20Extension&avm=1>
> > .. This one we decided against because there is no way to get
> > support. (The web-site link on the page is dead).
> >
> > So, my first question would be: Are there any other CF-based
> options?
> > The second question would be, where do I look next? Are there any
> good
> > resources out there for this type of thing?
> >
> > --
> > Jeffry Houser, Web Developer <mailto:[EMAIL PROTECTED]>
> > Aaron Skye, Guitarist / Songwriter <mailto:[EMAIL PROTECTED]>
> > --
> > AIM: Reboog711 | Phone: 1-203-379-0773
> > --
> > My Books: <http://www.instantcoldfusion.com>
> > Recording Music: <http://www.fcfstudios.com>
> > Original Energetic Acoustic Rock: <http://www.farcryfly.com>
> >
> >
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
