Why isn't it crackable? Everything's crackable. Anyhoo, it has been cracked. Finding the key for that function was horribly trivial. Go to Google and do a search, you'll find some code that'll unencrypt cfencrypt()'ed material.
----- Original Message ----- From: BILLY CRAVENS <[EMAIL PROTECTED]> Date: Tuesday, December 4, 2001 1:37 pm Subject: Re: Credit Card Encryption > Are you sure about the cfencrypt() function? I don't think it's > "crackable", though any encryption is if you throw enough keys at it. > Rather, the encryption for encrypting files (like encrypted custom > tags) has > been cracked for a long time (since it requires no user selectable > key). > ----- Original Message ----- > From: "Jeffrey Polaski" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Tuesday, December 04, 2001 2:29 PM > Subject: RE: Credit Card Encryption > > > > You can also remove the CC numbers from the database. We don't > process a > > huge amount of CC's, so we just run some SQL to set all but the > last four > > digits to 'x' after having copied the good cc numbers to a > floppy. The > > floppies go to a locked managers office. That way the numbers > aren't even > > on the network. We don't do it every day, but once a week or so-- > enoughthat > > there aren't very many CC number sitting in the db. > > > > One suggestion: write a stored procedure that writes the CC > numbers out to > > disk, then run GnuPG on the file, and then set all but the last > four CC > > digits to 'x'. You could do it with a chron job, or use a > scheduled task > in > > CF. I think that would work for you. > > > > One note: cfencrypt(), AFAIK, has been cracked. I'm not sure if > that'strue > > of recent versions of CF, though. > > > > > > Jeff Polaski > > Webmaster > > Research & Graduate Studies > > University California, Irvine > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, November 29, 2001 9:43 AM > > To: CF-Talk > > Subject: Credit Card Encryption > > > > > > Does anyone have any insight on encrypting data into a Table? A > client is > > asking about storing CC numbers and I want to see what level of > protection> we can provide. > > > > TIA! > > > > Hatton > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Get the mailserver that powers this list at http://www.coolfusion.com FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
