Thanks for all the feedback so far and with all things said, here's more from me:
I realize that they are different. I'm just not clear as to my decision on which route to take, personally and professionally. I've also heard stories of Hash values still being able to be cracked on a comparison basis, because when you get down to the logic, all the hacker cares is if their value matches yours. With that said, I understand AES to be the only grade of encryption accepted by the military and government, and that's why I'm questioning some of this... If AES is so strong, and you have a proper Key management system (which I can safely say I do) then is there any reason to use Hash? I just don't want to overlook hashing values because of a personal interest in AES if there's no reason to overlook it. P.S: My Key Management process is setup in several fashions/options. 1. You can pass in a sharedKey, which is the key that can encrypt & decrypt the data. (results in only shared key specified.) 2. You can not pass in any key and it will genereate a privateKey to decrypt the data. (results in only a private key) 3. You can pass in a publicKey and a flag to encryptKey, which will encrypt the publicKey to create a privateKey, which encrypts the data using the privateKey. (results in public & private key's) 4. You can not pass in any key and pass in a fag to encryptKey, which will generat a publicKey and encrypt it all the same as in option. (still in consideration) Lastly, an important factor in Key Management is encrypting the keys used to decrypt data, and seperating them fractionally. Anyone with good encryption knowledge, please put your input here. I'd really like to know what I'm doing right/wrong, but have a hard to finding others that completely understand. Thanks! - Doug On 5/3/06, Munson, Jacob <[EMAIL PROTECTED]> wrote: > > As other's have said, Hash <> Encryption, but I'll add that some Hash > algorithms are better than others. I've read reports that MD5 is not as > safe as it used to be, but it is one of the most popular right now. > ColdFusion supports other algorithms, so you'll probably want to do some > research to make sure your code's algorithm is still considered safe. > > > -----Original Message----- > > From: Doug Arthur [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, May 02, 2006 9:42 PM > > > > I want to get people's input on AES Encryption vs. Hashing a > > value. I know > > that AES is the only government approved encryption method as it's the > > strongest. But what are some feelings about using Hash > > instead? My new job I > > started uses nothing but Hash, and I've always been a custom to AES > > Encryption with a routine I developed a while back. I'm > > wondering if it's > > worth while trying to make a change, or just leave things as is. > > > [INFO] -- Access Manager: > This transmission may contain information that is privileged, confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. Thank you. A2 > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239420 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
