You might want to look at this http://jenghis.thirdtier.com/crypto/ which uses Strong
Crypto. This URL is rather
outdated and the lattest version I have written supports all the AES systems as well
as various forms of public key
crypto and exchange.
Its also super fast so its fine for little things like credit cards but it also
functional for text as long as the
bible. Also we just licensed RSA crypto packages and we can support those as well.
R
"Jackson Moore (CFTalk)" wrote:
> Pooh Bear
>
> I used a similar technique in my custom tag cf_cryp that's in the
> developer's gallery. I actually use the encrypt() function in CF and
> then do various operations to convert characters, shift bits and flip
> nibbles. I also added a checksum (also encoded) so I could validate
> the data after it was decrypted. BUT, it is still not secure when
> compared with 128-bit RSA encryption.
>
> True, a user would be hard pressed to figure out your (or my)
> particular encryption algorithm, but "real" hackers will run a few of
> your (or my) strings through software programs designed to recognize
> patterns such as yours and break the code. It may take some trial
> and error, but they can and will break it.
>
> I use cf_cryp, not to store credit card numbers or other sensitive
> information, but, for example, to encrypt values I use in hidden form
> fields. This helps ensure that the values are correct when I process
> the form. But - I can't be absolutely positive that someone hasn't
> broken my code.
>
> cf_cryp also has an error reporting mechanism that allows you to
> detect the trial/error method and determine if the decrypted string
> has been tampered with. By storing and analyzing this information,
> you can see if someone is trying to break the algorithm and even lock
> them out (again, not foolproof).
>
> HTH
>
> Jackson Moore
> [EMAIL PROTECTED]
>
> On Tue, 24 Jul 2001 14:20:51 -0500, Pooh Bear wrote:
> >hey, i'm the Original Inquirer. heh, kinda like that title. ermm
> >anyways,
> >like i said, the code turns 4665775886868576 into
> >"hkjsdhk987697834^*&^@@@Kj=-018^%13534kljdsa986(*@*&(@# dsjfkhk"
> >junk.
> >someone said that someone could get the pattern, but i think it is
> >impossible, since part of the encryption uses ASC or Char to change
> >characters (only certain letters according to what the "ith" number
> >is), and
> >they will never know at which point i used that transformation, or
> >how many
> >times. MUWHAHAHA! or what else I did (i also used mathematical
> >calculations, string appends, and other string functions). I mean
> >every
> >outcome is sooo different finding a pattern is impossible. And
> >every
> >outcome comes doesn't have the same amount of character lengths.
> >like, the
> >only possible way to figure it out is to look at the CF code itself,
> >and
> >then to work it backwards (which took me a while to figure out too
> >bahehehe)
> >
> >Am i right/wrong in my assumption?
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
