One way hashes are pretty secure in that you cannot turn the encrypted hash back to cleartext. You can however brute-force the hash, and if it's a weak hash such as MS LanMan, then it's fairly easy to brute force, practically a joke with rainbow tables.
With more secure hashes it becomes harder to break, but mostly depends on the source of the encryption. If you use it for passwords, and some stupid user has hello as his password, a simple dictionary attack will break that. AES is a two way encryption algorithm, using a symmetric key. This means that if you use it with coldfusion, you will most likely have to store the key on the server somewhere, most likely in the code. It also means that any hacker that can gain access to the code and the encrypted text, can decrypt that text. Russ > -----Original Message----- > From: Doug Arthur [mailto:[EMAIL PROTECTED] > Sent: Tuesday, May 02, 2006 11:42 PM > To: CF-Talk > Subject: AES Encryption vs. Hash > > I want to get people's input on AES Encryption vs. Hashing a value. I know > that AES is the only government approved encryption method as it's the > strongest. But what are some feelings about using Hash instead? My new job > I > started uses nothing but Hash, and I've always been a custom to AES > Encryption with a routine I developed a while back. I'm wondering if it's > worth while trying to make a change, or just leave things as is. > > - Doug > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239435 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
