More so just for options really. Also to note, and maybe I should have mentioned this, but I plan on using the encryption for social security numbers, credit card numbers, and other trusted confidential data. But what I'm hearing from the list, if it's a password, stick with hash, but I'll still have to use my encryption routine for the others. I was just thinking that including the password with the encryption routine throughout the site(s) would be more manageable and I wanted to hear everyone else's feedback on that.
Thanks for all the input! Feel free to keep adding input.

On 5/3/06, Kevin Aebig <[EMAIL PROTECTED]> wrote:
>
> Out of curiosity, why do you have so many considerations? Even for our
> "public" services, we only use one implementation.
>
> Cheers,
>
> !k
>
> -----Original Message-----
> From: Doug Arthur [mailto:[EMAIL PROTECTED]
> Sent: May 3, 2006 12:52 PM
> To: CF-Talk
> Subject: Re: AES Encryption vs. Hash
>
> Thanks for all the feedback so far and with all things said, here's more
> from me:
>
> I realize that they are different. I'm just not clear as to my decision on
> which route to take, personally and professionally. I've also heard stories
> of Hash values still being able to be cracked on a comparison basis, because
> when you get down to the logic, all the hacker cares about is if their value
> matches yours. With that said, I understand AES to be the only grade of
> encryption accepted by the military and government, and that's why I'm
> questioning some of this... If AES is so strong, and you have a proper Key
> management system (which I can safely say I do) then is there any reason to
> use Hash? I just don't want to overlook hashing values because of a personal
> interest in AES if there's no reason to overlook it.
>
> P.S: My Key Management process is set up in several fashions/options.
> 1. You can pass in a sharedKey, which is the key that can encrypt & decrypt
> the data. (results in only shared key specified.)
> 2. You can not pass in any key and it will generate a privateKey to decrypt
> the data. (results in only a private key)
> 3. You can pass in a publicKey and a flag to encryptKey, which will encrypt
> the publicKey to create a privateKey, which encrypts the data using the
> privateKey. (results in public & private keys)
> 4. You can not pass in any key and pass in a flag to encryptKey, which will
> generate a publicKey and encrypt it all the same as in option.
> (still in consideration)
>
> Lastly, an important factor in Key Management is encrypting the keys used to
> decrypt data, and separating them fractionally.
>
> Anyone with good encryption knowledge, please put your input here. I'd
> really like to know what I'm doing right/wrong, but have a hard time finding
> others that completely understand.
>
> Thanks!
> - Doug
>
> On 5/3/06, Munson, Jacob <[EMAIL PROTECTED]> wrote:
> >
> > As others have said, Hash <> Encryption, but I'll add that some Hash
> > algorithms are better than others. I've read reports that MD5 is not as
> > safe as it used to be, but it is one of the most popular right now.
> > ColdFusion supports other algorithms, so you'll probably want to do some
> > research to make sure your code's algorithm is still considered safe.
> >
> > > -----Original Message-----
> > > From: Doug Arthur [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, May 02, 2006 9:42 PM
> > >
> > > I want to get people's input on AES Encryption vs. Hashing a value. I know
> > > that AES is the only government approved encryption method as it's the
> > > strongest. But what are some feelings about using Hash instead? My new job I
> > > started uses nothing but Hash, and I've always been accustomed to AES
> > > Encryption with a routine I developed a while back. I'm wondering if it's
> > > worthwhile trying to make a change, or just leave things as is.
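
Added example (not part of the thread and not any poster's code): a Python sketch of the password side of this discussion, showing why an unsalted MD5 column can be attacked "on a comparison basis" and how a salted, iterated hash removes that. The account names, passwords and iteration count are constructed assumptions; reversible data such as card numbers still needs encryption, which this sketch does not cover.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example; tune per hardware

def md5_unsalted(password):
    """Fast unsalted digest: the same password always yields the same value."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def make_record(password):
    """Salted PBKDF2-HMAC-SHA256 record: algorithm$iterations$salt$digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    if algo != "pbkdf2_sha256" or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)

def users_sharing_a_value(stored):
    """Group users whose stored value is identical, as a table reader would see."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts; two of them chose the same password.
SAMPLE = {"alice": "Spring2006!", "bob": "tr0ub4dor", "carol": "Spring2006!"}

if __name__ == "__main__":
    md5_table = {u: md5_unsalted(p) for u, p in SAMPLE.items()}
    kdf_table = {u: make_record(p) for u, p in SAMPLE.items()}
    print("MD5 shared values:   ", users_sharing_a_value(md5_table))
    print("PBKDF2 shared values:", users_sharing_a_value(kdf_table))
    print("carol verifies:", verify(SAMPLE["carol"], kdf_table["carol"]))
```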

