OK, follow up to this, can anybody suggest ways that they currently
encrypt/decrypt sensitive data? I need to encrypt the data to save into the
database and then at a later date retrieve that data, decrypt it and let the
user edit it. I have looked at using the various algorithms excluding
CFMX_COMPAT but I notice that uses the GenerateSecretKey function. I am
assuming that the key that is generated is different every time therefore once
I have encrypted the data, if I do not save the original key then when I come
to decrypt the data it will use a different key and so fail? Or am I completely
wrong here?
> Hi all, I am trying to store specific data into a database in an
> encrypted format. This data also has to be decrypted so as to be
> displayed and edited onscreen therefore ruling out using the hash
> function. The problem that I am having is on the decrypt.
>
> Example:
>
> <cfset foo = encrypt("johnmurray", "wibble")>
>
> foo then equals "*5)V%5*.Z59RR$"
>
> I save this text to the database. An unusual thing happens when I try
> to decrypt this text as follows;
>
> <cfset foo = decrypt("*5)V%5*.Z59RR$", "wibble")>
>
> foo then equals "johnmurrax"
>
> as you can see the 'y' has become an 'x'.
>
> Now here is the strange thing,
>
> <cfset foo = encrypt("johnmurray ", "wibble")> - with an extra space
> at the end of johnmurray everything encrypts/decrypts correctly using
> an 11 character string.
>
> also
>
> <cfset foo = encrypt("johnmurra", "wibble")> - if I make it only 9
> characters then this also encrypts/decrypts correctly.
>
> It seems to only happen with 10 letter strings?
>
> This is on Coldfusion 7, using a SQL database. I have tried
> URLEncodedFormat before saving to the database and then using
> URLDecode after retrieveing. As this text is defined by the user then
> I cannot simply say that there can be no 10 character strings so has
> anyone ever come across this?
>
> Does anyone have any better encryption ideas I could use? This is a
> really annoying little quirk as to why it only seems to affect 10
> character strings, weird
huh?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Logware (www.logware.us): a new and convenient web-based time tracking
application. Start tracking and documenting hours spent on a project or with a
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:219251
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
