Encryption is not the same thing as Hashing. Encryption is reversible, hashing (ideally) is a one-way function.
Common hashing algorithms include MD5 and SHA1.
Common encryption algorithms include AES, RSA and Blowfish.

Hashing of passwords and storing them in the database unencrypted is the most common scenario. However, some applications prefer to use encryption so that passwords are recoverable for the user. Encryption can be done either at the application server level or in the database itself.

First thing, then, is to identify whether the passwords are hashed or encrypted and if they are encrypted, whether they are encrypted by the db or the app server.

Judah

On Tue, Jan 5, 2010 at 8:21 PM, Kevin Pepperman <[email protected]> wrote:
>
>> I need to query an Oracle user table where username and encrypted
>> password are stored. I need to compare the user input password with the
>> encrypted password in the table. Can the CF Decrypt function do the
>> work? Can someone give me a pointer?
>
> Usually a password is encrypted with an irreversible encryption, it should be
> anyways.
>
> The method to verify the password is usually the same.
>
> The way you validate the submitted password is to encrypt the password
> submitted by the client with the same exact method that was used to encrypt
> the one that is stored, and then compare the submitted with the stored
> encrypted passwords.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329444
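Added example, not part of the original messages: a Python sketch of the two steps the thread describes, first identifying how a stored value was produced by testing an account whose password is known, then verifying a login by re-hashing the submitted password and comparing. The function names and sample values are constructed, and it assumes unsalted hex digests using the two hash algorithms named above.

```python
import hashlib
import hmac

# The two hash algorithms named in the thread. Both are fast, unsalted
# digests; they appear here only because legacy tables often hold them.
CANDIDATE_ALGOS = ("md5", "sha1")


def _hex_digest(algo, password):
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()


def _same(a, b):
    # Constant-time comparison; hex may be stored upper- or lowercase.
    return hmac.compare_digest(a.lower().encode(), b.strip().lower().encode())


def identify_scheme(known_password, stored):
    """Return the algorithm that reproduces `stored` from a known password.

    None means the value is not a bare MD5/SHA1 digest: it may be
    encrypted, salted, or produced some other way. Length alone cannot
    tell, since one hex-encoded AES block is as long as an MD5 digest.
    """
    for algo in CANDIDATE_ALGOS:
        if _same(_hex_digest(algo, known_password), stored):
            return algo
    return None


def verify(submitted, stored, algo):
    """Hash the submitted password the same way and compare to the stored value."""
    return _same(_hex_digest(algo, submitted), stored)


# Constructed sample rows: (username, stored value) for the password "password".
SAMPLE_ROWS = {
    "alice": "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8",  # SHA1, uppercase hex
    "bob": "5f4dcc3b5aa765d61d8327deb882cf99",            # MD5
    "carol": "q1Zk0mJ8Yx3pT7uH2LrW9A==",                  # not a bare digest
}

if __name__ == "__main__":
    for user, stored in SAMPLE_ROWS.items():
        scheme = identify_scheme("password", stored)
        ok = verify("password", stored, scheme) if scheme else None
        print(user, scheme, ok)
```

If `identify_scheme` returns None for an account whose password you know, the table is not holding plain digests and the encryption or salting step has to be located in the application or the database before any comparison can work.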

