Its actually not a bug. The encrypted string that is generated is
"*5)V%5*.Z59RR$ " with a space at the end. When you decrypt the string, if you
use the same string it will work as it should. In your case, the string was
trimmed and hence this behaviour.
You can verify this using this code snippet.
<cfset foo = encrypt("johnmurray", "wibble")>
<cfset bar = decrypt(foo, "wibble")>
<cfoutput>foo is '#foo#'</cfoutput>
<cfoutput>bar is #bar#</cfoutput>
By default encrypt uses UU-encoding to encode the encrypted data. So to ensure
that there is no trailing spaces, you should use Base-64 encoding. you can
specify that in Encrypt/Decrypt function.
Other solution is to base-64 encode the data you get after encrypt and persist.
And when you retrieve it frm DB, base-64 decode and then pass it to decrypt.
Thanks
Rupesh.
>Whoa. So weird I also tested here, and the encoded "johnmurray" was
>decoded to "johnmurrax"! It's not with all 10 charcs. string, by the way.
>
>I think this is a CF default algorithm (CFMX_COMPAT, which is compatible
>do earlier versions of CF) implementation bug.
>
>You should use a more secure and standard algorithm, like TripleDES.
>Check out the Encrypt() documentation.
>
>--
>Fabio Terracini
>
>
>
>
>Andy Mcshane wrote:
>
>>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Logware (www.logware.us): a new and convenient web-based time tracking
application. Start tracking and documenting hours spent on a project or with a
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:219276
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
