But, if the key is user-defined then how would someone distribute their software? the
CF server would need to know the key in order
to open the encrypted file. Would each CF server then need to maintain multiple keys?
I don't think that is workable. Like I
said, the decryption needs to be fast for the server and so that is why CF has a
built-in key.
Regards,
Howie
BTW - not sure how many people realize it but the key that Allaire originally used was
actually very clever. It was designed so
that a casual cracker would not find it easily as it looks to be part of the code. If
you look at the binary code of the Allaire
encrypter the key is there but definitely not obvious.
----- Original Message -----
From: "Top-Link Tech (John Ceci)" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Friday, June 08, 2001 12:49 PM
Subject: RE: Need decryptor tag for CFUG presentation
> Howie,
>
> I would agree with getting off the net is impossible, that is why I
> presented #2, change the basic encryption scheme to something different,
> there are plenty of methods to encrypt a file that have a user-defined key
> that are fast...so just change to a different method, now it might only take
> a week or two for someone to crack that too, but some type of effort by MM
> to combat this is necessary...
>
> John
>
> -----Original Message-----
> From: Howie Hamlin [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 08, 2001 9:58 AM
> To: CF-Talk
> Subject: Re: Need decryptor tag for CFUG presentation
>
>
>
> ----- Original Message -----
> From: "Top-Link Tech (John Ceci)" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Friday, June 08, 2001 11:17 AM
> Subject: RE: Need decryptor tag for CFUG presentation
>
>
> > Ray,
> >
> > I would agree with your statement competely...
> >
> > BUT, since this program exists, and we have known that it exists for some
> > time there are a couple of things MM should have done...
> > #1. MM needs to find who wrote it and get the tag off the internet
>
> It's no secret:
>
> Matt Chapman ([EMAIL PROTECTED])
>
> And, if you search the net you'll find it all over the place (including
> source code) so getting it off the net is not going to
> happen. I've even seen it offered as shareware (if you can believe that!)
>
> > #2. MM needs to change the encryption methodology inside of CF5.0 in the
> > first SP which will then totally take the program out of usefulness...
> >
>
> The problem with the cf encryption is that it needs to be fast and have a
> know key so this type of encrypton can be compromised.
>
> Regards,
>
> Howie
>
> > John
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
