Bill, using your (supplied) code I got exactly the same results as you...

'<:FL4KX+) END
39-60-58-70-76-52-75-88-43-41-32-32-32-10-
'<:FL4KX+)0 END
39-60-58-70-76-52-75-88-43-41-48-32-32-10-
buskirk
buskirj

So are you saying that the only diff between the encrypted "k" and "j" is the space which may get trimmed, changing the decrypted value?

On 15/02/06, Roland Collins <[EMAIL PROTECTED]> wrote:
>
> Well the example code runs as expected when I run it, so I guess I don't
> understand what the issue is…
>
> I thought the issue was that the failure occurs after you retrieve the
> password from the database.
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Rawlinson
> Sent: Tuesday, February 14, 2006 9:35 PM
> To: CFCDev@cfczone.org
> Subject: Re: [CFCDev] OT: coldfusion encrypt
>
> What I'm showing in the example isn't in a query file at all, just a test
> file to examine this behaviour. btw: the value buskirk is just someone's
> last name and isn't a password.
>
> Bill
>
> On 2/14/06, Roland Collins <[EMAIL PROTECTED]> wrote:
>
> Without seeing your queries, it's hard to guess what's going on. Are you
> sure there's not a trim statement inside the queries that store the data
> either?
>
> Also, as an alternative, you might want to try hashing the password so that
> it is completely unrecoverable anyway. Storing recoverable passwords in the
> database – even when they're encrypted – is a big no no in my world. The
> method described here is much more secure:
> http://livedocs.macromedia.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/wwhelp.htm?context=ColdFusion_Documentation&file=00000503.htm.
>
> Roland
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Bill Rawlinson
> Sent: Tuesday, February 14, 2006 5:30 PM
> To: CFCDev@cfczone.org
> Subject: [CFCDev] OT: coldfusion encrypt
>
> I know this isn't specifically a CFC question and I should probably pose
> this to the CF-Talk message board - but please bear with me.
>
> I am using ColdFusion Server Developer 7,0,1,116466 and am noticing
> extremely odd behaviour with encrypt and one word.. buskirk
>
> <cfset testkey = "l9jfs9jk34r9dfjkd">
>
> <cfoutput>
> <cfset pwd = encrypt("buskirk",testkey) />
> #pwd#END<br />
>
> <cfloop from="1" to="#len(pwd)#" index="i">#ASC(mid(pwd,i,1))#-</cfloop>
> <br />
> <cfset pwd2 = encrypt("buskirj",testkey) />
> #pwd2#END<br />
> <cfloop from="1" to="#len(pwd2)#" index="a">#ASC(mid(pwd2,a,1))#-</cfloop>
> <br />
>
> #decrypt("'<:FL4KX+) ",testkey)#<br />
> #decrypt("'<:FL4KX+)",testkey)#
> </cfoutput>
>
> If you run the above code you will notice that when I encrypt buskirk it
> displays as: '<:FL4KX+) END the ' and the space are both part of the
> encrypted result. The END was put there to make sure I could see the result
> clearly.
> You will also see that buskirj is encrypted as '<:FL4KX+)0 END - you will
> notice it too has the ' and the space.
>
> However, in the decrypt statement see what happens with the second one - it
> has no 0 or space at the end. It decrypts back as buskirj
>
> So, I then went back and put those loop statements in to examine the
> characters being generated by the encryption - and it turns out they are
> identical except for the fifth to last character.
>
> I am storing this encrypted string in an Oracle database. I encrypt
> buskirk and store it - then when I pull it out and decrypt it and compare it
> against buskirk it fails because CF thinks the decryption is buskirj due to
> the fact that buskirj can be resolved from either:
> '<:FL4KX+)0 END OR
> '<:FL4KX+)END
> if you remove the END from both lines.
>
> NOTE: I am not doing a trim at any time on the encrypted password.
>
> What's going on? What other words are going to cause me trouble?
>
> I have tried different encryption keys and the problem occurs with some -
> but not others..
>
> For instance the problem persists with the above key, and with
> [EMAIL PROTECTED] But it doesn't with the key: fasjf9e3rjlaf
> in fact with fasjf9e3rjlaf - I can trim the space off the end of the
> encrypted buskirk and it decrypts back to buskirk without a problem.
>
> Is this a known problem? Am I just crazy? Unlucky that someone's name is
> Buskirk?
>
> Thanks for your time at considering this,
>
> Bill
> --
> [EMAIL PROTECTED]
> http://blog.rawlinson.us
>
> If you want Gmail - just ask.
> ----------------------------------------------------------
> You are subscribed to cfcdev. To unsubscribe, send an email to
> cfcdev@cfczone.org with the words 'unsubscribe cfcdev' as the subject of the
> email.
>
> CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting
> (www.cfxhosting.com).
>
> An archive of the CFCDev list is available at
> www.mail-archive.com/cfcdev@cfczone.org
>
> --
> [EMAIL PROTECTED]
> http://blog.rawlinson.us
>
> If you want Gmail - just ask.
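
Added example, not part of the thread or of anyone's posted code: a small Python uudecoder run over the ASCII codes printed in the top message, assuming encrypt() is emitting its default UU (uuencode) text encoding. It shows that the trailing spaces are data characters with value 0, so a whitespace trim truncates the ciphertext, and that a hex rendering of the same bytes has nothing to trim. All function names are illustrative.

```python
# Constructed from the ASCII codes printed in the top message (10 = newline).
BUSKIRK = [39, 60, 58, 70, 76, 52, 75, 88, 43, 41, 32, 32, 32, 10]
BUSKIRJ = [39, 60, 58, 70, 76, 52, 75, 88, 43, 41, 48, 32, 32, 10]


def to_text(codes):
    return "".join(map(chr, codes))


def uudecode_line(text):
    """Decode one uuencoded line: a length character, then 4-char groups."""
    text = text.rstrip("\n")              # only the line terminator is not data
    if not text:
        raise ValueError("empty line")
    n = (ord(text[0]) - 32) & 63          # declared number of ciphertext bytes
    body = text[1:]
    need = -(-n // 3) * 4                 # data characters required for n bytes
    if len(body) < need:
        raise ValueError(f"truncated: need {need} data chars, got {len(body)}")
    out = bytearray()
    for i in range(0, need, 4):
        a, b, c, d = ((ord(ch) - 32) & 63 for ch in body[i:i + 4])
        out += bytes([(a << 2 | b >> 4) & 255,
                      (b << 4 | c >> 2) & 255,
                      (c << 6 | d) & 255])
    return bytes(out[:n])


def chars_lost_to_trim(codes):
    """Count the data characters a whitespace trim strips from the value."""
    text = to_text(codes).rstrip("\n")
    return len(text) - len(text.rstrip())


def storage_safe(codes):
    """Hex form of the same ciphertext bytes: no whitespace to lose."""
    return uudecode_line(to_text(codes)).hex()


if __name__ == "__main__":
    for name, codes in (("buskirk", BUSKIRK), ("buskirj", BUSKIRJ)):
        print(name, storage_safe(codes), "trim removes", chars_lost_to_trim(codes))
    try:
        uudecode_line(to_text(BUSKIRK).strip())
    except ValueError as err:
        print("trimmed value rejected:", err)
```

The two ciphertexts differ only in the last byte (0x24 against 0x25), the same single bit that separates "k" from "j". ColdFusion MX 7's encrypt() also accepts algorithm and encoding arguments, and choosing Hex or Base64 as the encoding avoids whitespace-significant ciphertext at the source.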