In my experience with this I had to slightly modify the process by which I checked my passwords. Even though the decrypted version of the password was slightly different it always decrypted fine. So instead of encrypting a password to check it against the database version I had to decrypt the database version of the password and test against the un-encrypted versions. Not exactly the way I wanted to do it but it beats one-way hashes and plain text passwords in the database.
Matthew P.S. A little research into encryption technologies will reveal that non-consistent encrypted strings are quite common. I have never found any other technique that did it "sometimes" but still it is not that strange. -----Original Message----- From: Alford, Gary [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 10:03 AM To: '[EMAIL PROTECTED]' Subject: RE: Encrypt / Decrypt I'm still working with it (it temporarily got pushed to the back burner for some other hot jobs). However, I think the "Hash" function will work OK. ============================================ Gary L. Alford Materiel and Procurement Senior BPE Specialist, SCM Bell Helicopter Textron Phone: (817) 280-6233 Fax: (817) 278-6233 mailto:[EMAIL PROTECTED] ============================================ -----Original Message----- From: Russfly [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 17, 2002 9:44 AM To: [EMAIL PROTECTED] Subject: Re: Encrypt / Decrypt Gary, Did you get it to work? I have been using the same thing, and I am getting random results. When I encrypt the same password multiple times, I get varied results... I ended up using a code snippet from www.cflib.org. BTW, I save the encrypted password to the database, because there is no use to decrypt it. Russell ----- Original Message ----- From: "Alford, Gary" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 08, 2002 8:55 AM Subject: RE: Encrypt / Decrypt > Thanks. I'll give it a try. > > ============================================ > Gary L. Alford > Materiel and Procurement > Senior BPE Specialist, SCM > Bell Helicopter Textron > Phone: (817) 280-6233 > Fax: (817) 278-6233 > mailto:[EMAIL PROTECTED] > ============================================ > > > -----Original Message----- > From: Schreck, Tom [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 08, 2002 8:50 AM > To: [EMAIL PROTECTED] > Subject: RE: Encrypt / Decrypt > > > Gary- > I've used the hash function to convert the password into a hashed > value and > then store the hashed value in the database. The setback is you > cannot convert it back to the original value once its been hashed. > So, when you need to compare values, you will have to hash the user > inputted password and > compare it to the value stored in the database. Hope that helps. > > Tom > > -----Original Message----- > From: Alford, Gary [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 03, 2002 4:00 PM > To: DFW ColdFusion Users Group (E-mail) > Subject: Encrypt / Decrypt > > > I am trying to populate a database field with encrypted passwords for > an internal security system and then decrypt them later for login. > The code I > am using to encrypt / decrypt is: > > <cfif IsDefined("form.pw")> > <cfset encr_pw = #LCase(form.pw)#> > <cfset encr_pw = encrypt(encr_pw, "gala55")> > <cfset decr_pw = decrypt(encr_pw, "gala55")> > </cfif> > > However, if I output these variables, I am not getting a constant > return on > the "encr_pw" variable. Each time I refresh the page, I get a > different value for encr_pw (the last character of the string is > always different). Therefore, the correct password will not decrypt > properly. > > Any ideas? > > ============================================ > Gary L. Alford > Materiel and Procurement > Senior BPE Specialist, SCM > Bell Helicopter Textron > Phone: (817) 280-6233 > Fax: (817) 278-6233 > mailto:[EMAIL PROTECTED] > ============================================ > > > ---------------------------------------------------------------------- > --- > This email server is running an evaluation copy of the MailShield anti- > spam software. Please contact your email administrator if you have any > questions about this message. MailShield product info: www.mailshield.com > > ----------------------------------------------- > To post, send email to [EMAIL PROTECTED] > To subscribe / unsubscribe: http://www.dfwcfug.org > > ---------------------------------------------------------------------- > --- > This email server is running an evaluation copy of the MailShield anti- > spam software. Please contact your email administrator if you have any > questions about this message. MailShield product info: www.mailshield.com > > ----------------------------------------------- > To post, send email to [EMAIL PROTECTED] > To subscribe / unsubscribe: http://www.dfwcfug.org > > ---------------------------------------------------------------------- > --- > This email server is running an evaluation copy of the MailShield anti- > spam software. Please contact your email administrator if you have any > questions about this message. MailShield product info: www.mailshield.com > > ----------------------------------------------- > To post, send email to [EMAIL PROTECTED] > To subscribe / unsubscribe: http://www.dfwcfug.org ------------------------------------------------------------------------- This email server is running an evaluation copy of the MailShield anti- spam software. Please contact your email administrator if you have any questions about this message. MailShield product info: www.mailshield.com ----------------------------------------------- To post, send email to [EMAIL PROTECTED] To subscribe / unsubscribe: http://www.dfwcfug.org ------------------------------------------------------------------------- This email server is running an evaluation copy of the MailShield anti- spam software. Please contact your email administrator if you have any questions about this message. MailShield product info: www.mailshield.com ----------------------------------------------- To post, send email to [EMAIL PROTECTED] To subscribe / unsubscribe: http://www.dfwcfug.org ------------------------------------------------------------------------- This email server is running an evaluation copy of the MailShield anti- spam software. Please contact your email administrator if you have any questions about this message. MailShield product info: www.mailshield.com ----------------------------------------------- To post, send email to [EMAIL PROTECTED] To subscribe / unsubscribe: http://www.dfwcfug.org
