What you are doing is called Caesar's cipher. This is a 1st attempt at
encryption. Very weak, takes a piece of paper to decipher, statistical
analysis is a killer. I guess it might deter a casual user or even a hacker
if he or she doesn't know how you encrypt. If they knew that you are using
this cipher they would go ahead and crack it and then brag around about their
decryption abilities.

If you like your algorithm you may strengthen it by making a variable shift
(say you shift 'a' 3 positions while 'b' 5) or shift in blocks etc.

TK
  -----Original Message-----
  From: Stephen Moretti [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, April 07, 2004 3:10 PM
  To: CF-Talk
  Subject: Re: Handling Passwords

  John Croney wrote:

  > I am trying to create a login page. In ASP I convert every letter
  > through a loop from the password to ASC() ,add a number then convert
  > it back and save it in the table. I am thinking about doing the same
  > thing in ColdFusion. Is this a good way or is there a better way to
  > handle passwords?

  You should have a look at the hash() function.  It provides one way
  encryption of a string.

  Nothing is 100% infallible, but this is a reasonable way of ensuring
  the security of passwords. Store the hashed password in your database,
  then whenever you need to check a password, hash the given password and
  compare it to the entry in the database.  This will make passwords case
  sensitive.

  Stephen
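
The hash-and-compare flow described in the thread, next to the add-a-number scheme from the question, as an added Python example that is not part of the original messages. It goes beyond a bare hash() call by adding a per-user salt and an iterated hash (PBKDF2 from Python's standard library); the function names, the shift value and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os

SHIFT = 3  # constructed value standing in for the "add a number" step


def shift_encode(password, shift=SHIFT):
    """Scheme from the question: add a number to each character code."""
    return "".join(chr(ord(c) + shift) for c in password)


def recover_shifted(stored, max_shift=25):
    """Undo every candidate shift; the original is always among the results,
    so the stored column is only obscured, not protected."""
    return ["".join(chr(ord(c) - s) for c in stored)
            for s in range(1, max_shift + 1)]


def hash_password(password, iterations=200_000):
    """One-way storage: random per-user salt plus an iterated hash.
    Store all three returned values in the user's row."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return salt, iterations, digest


def verify_password(candidate, salt, iterations, expected):
    """Hash the submitted password the same way and compare digests
    in constant time; the password itself is never recovered."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 salt, iterations)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    stored = shift_encode("Passw0rd")            # constructed sample password
    print("shifted column value:", stored)
    print("reversible:", "Passw0rd" in recover_shifted(stored))

    salt, iters, digest = hash_password("Passw0rd")
    print("correct password:", verify_password("Passw0rd", salt, iters, digest))
    # Hash comparison is case sensitive, as noted in the thread.
    print("wrong case:", verify_password("passw0rd", salt, iters, digest))
    # A fresh salt means two users with the same password get different rows.
    print("same digest twice:", hash_password("Passw0rd")[2] == digest)
```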