perfect... thanks!

On Mon, May 14, 2012 at 12:37 PM, Pete Freitag <[email protected]> wrote:

> The result of Hash using SHA-512 will always be a 128 character hex string;
> no matter what the input, it will always be that length.
>
> You can simply append or prepend the salt to the value you are hashing, e.g.:
>
> #Hash(password & salt, "SHA-512")#
>
> You don't need to Encrypt your password if you are hashing it, and your
> salt should be different for every user; something like a UUID or
> GenerateSecretKey("AES") is what I use. You can store the salt in another
> column in your user table. I typically generate a new salt every time the
> user changes password.
>
> --
> Pete Freitag - Adobe Community Professional
> http://foundeo.com/ - ColdFusion Consulting & Products
> http://petefreitag.com/ - My Blog
> http://hackmycf.com - Is your ColdFusion Server Secure?
>
> On Mon, May 14, 2012 at 8:58 AM, Brian Thornton <[email protected]> wrote:
>
>> Docs are at:
>>
>> http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7c2f.html
>>
>> My client is moving from CF MX to CF 9 and I find this could be handled
>> better.
>>
>> I am used to a 512 character to be created.
>> In CF 9 <cfset passwordHash = Encrypt(password,"SHA-512") /> is
>> generating an 11 character sized text.
>>
>> <cfset passwordHash = Hash(Encrypt(password,"SHA-512")) /> will get me
>> 512 but is this duplicitous?
>>
>> <cfset password = "myP@ssw0rd" />
>>
>> <cfset salt = "foo">
>> <cfset passwordHash = Hash(Encrypt(password,"SHA-512")) />
>>
>> Where is the salt handled?
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:351136
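The salting scheme from Pete Freitag's reply, written out as an added CFML example (not part of the original thread): a fresh salt per user from GenerateSecretKey("AES"), stored beside the hash, and replaced whenever the password changes. The helper names makeCredential and checkPassword, and the structs standing in for user-table columns, are assumptions for illustration.

```cfml
<cfscript>
// Added example; makeCredential() and checkPassword() are hypothetical helpers.

// Called when a password is first set and again on every password change,
// so each call produces a new random salt.
function makeCredential(required string password) {
    var cred = StructNew();
    cred.salt = GenerateSecretKey("AES");                  // Base64 string, random per call
    cred.hash = Hash(arguments.password & cred.salt, "SHA-512");
    return cred;                                           // store both values in the user row
}

// Login check: recompute with the salt stored for this user and compare.
function checkPassword(required string attempt, required string salt, required string storedHash) {
    var candidate = Hash(arguments.attempt & arguments.salt, "SHA-512");
    return Compare(candidate, arguments.storedHash) EQ 0;
}

password = "myP@ssw0rd";              // sample value from the thread

// Two users choosing the same password get unrelated hashes.
userA = makeCredential(password);
userB = makeCredential(password);

WriteOutput("Hash length: " & Len(userA.hash) & "<br>");
WriteOutput("Salt length: " & Len(userA.salt) & "<br>");
WriteOutput("Same password, same hash across users: " & (Compare(userA.hash, userB.hash) EQ 0) & "<br>");

// Verification only succeeds with the right password AND that user's own salt.
WriteOutput("Correct password: " & checkPassword(password, userA.salt, userA.hash) & "<br>");
WriteOutput("Wrong password: " & checkPassword("guess123", userA.salt, userA.hash) & "<br>");
WriteOutput("Wrong user's salt: " & checkPassword(password, userB.salt, userA.hash) & "<br>");

// Password change: the old salt and hash are both discarded.
oldHash = userA.hash;
userA = makeCredential("n3w-P@ssw0rd");   // constructed sample value
WriteOutput("Old hash still valid after change: " & (Compare(oldHash, userA.hash) EQ 0) & "<br>");
</cfscript>
```

Because the SHA-512 hex output is always 128 characters, the hash column can be a fixed CHAR(128); the salt column holds the Base64 key string returned by GenerateSecretKey.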

