tag:blogger.com,1999:blog-5824660313967021040.post6123249867613133275..comments2022-03-26T08:56:28.677-07:00Comments on cfSearching: ColdFusion: Encryption Interoperability Issues (Beginner)Unknownnoreply@blogger.comBlogger10125tag:blogger.com,1999:blog-5824660313967021040.post-55703076193475713652010-06-17T06:44:04.982-07:002010-06-17T06:44:04.982-07:00Thanks, helped me a lot!Thanks, helped me a lot!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-54028590422449969922010-05-01T00:09:32.845-07:002010-05-01T00:09:32.845-07:00@dinger,
Disclaimer: Bit math is not my strong su...@dinger,<br /><br />Disclaimer: Bit math is not my strong suit. But I think I got a C# port of the Railo code to work. If you are interested, email me at cfsearching at either yahoo or gmail.<br /><br />-LeighcfSearchinghttps://www.blogger.com/profile/11564374520734454860noreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-52668342463488690772010-04-28T14:54:25.850-07:002010-04-28T14:54:25.850-07:00You might also take a look at the Railo source. It...You might also take a look at the Railo source. It is java, but supports the CFMX_COMPAT algorithm. So you could port it to C#. Just check the Railo licensing stuff of course ...<br /><br />-LeighcfSearchinghttps://www.blogger.com/profile/11564374520734454860noreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-41947134829243396592010-04-28T13:34:08.873-07:002010-04-28T13:34:08.873-07:00@dinger,
From what I understand, the value you pa...@dinger,<br /><br />From what I understand, the value you pass into encrypt is just a seed. Not the actual key used for the XOR. If you could figure out it how it generates the key .. maybe you could duplicate it. <br /><br />Assuming you really _have_ to do this that is..<br /><br />-LeighcfSearchinghttps://www.blogger.com/profile/11564374520734454860noreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-11084413043224076892010-04-28T12:23:13.272-07:002010-04-28T12:23:13.272-07:00yeah - that's what I figured. I have been hav...yeah - that's what I figured. I have been having quite a time getting this to work. <br /><br />Unfortunately, this is a supported application and I can't change the encryption scheme - I am just trying to decrypt it.<br /><br />Thanksdingerhttps://www.blogger.com/profile/00889974326255643666noreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-56291831648243442442010-04-28T12:17:24.670-07:002010-04-28T12:17:24.670-07:00@dinger,
This post is specifically about the AES ...@dinger,<br /><br />This post is specifically about the AES algorithm. It does not apply in your case because you are using the default algorithm: CFMX_COMPAT (also the weakest encryption)<br /><br /><i>Correct me if I'm wrong, but this is using a key to encrypt the password, but no IV or anything else. How, then, do I know what use?</i><br /><br />Yes, CF uses your key (ie GetSiteVars.Encode) as a "seed" to generate a random key internally. No IV or other parameters are required. CF then runs some sort of XOR algorithm internally to create the encrypted string. To duplicate the _encrpt_ result in C#, you would need to know how CF performs the XOR. I am not sure.<br /><br />But why use CFMX_COMPAT algorithm at all? A one way md5 Hash() should be sufficient.. and you can definitely duplicate that in C#.<br /><br />HTH<br />-LeighcfSearchinghttps://www.blogger.com/profile/11564374520734454860noreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-59567799247401294112010-04-28T05:58:53.607-07:002010-04-28T05:58:53.607-07:00Thanks - this has been a great post. However, I a...Thanks - this has been a great post. However, I am having great trouble getting my code to work. I have tried your code, and still no dice. The ColdFusion code I am working with is as follows - <br /><br />#Hash(Encrypt(Form.UserPassword,GetSiteVars.EnCode))#<br /><br />Correct me if I'm wrong, but this is using a key to encrypt the password, but no IV or anything else. How, then, do I know what use?<br /><br />Thanksdingerhttps://www.blogger.com/profile/00889974326255643666noreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-18952077019552273562010-01-05T01:04:00.552-08:002010-01-05T01:04:00.552-08:00Thank you, this was just what I needed. Don't ...Thank you, this was just what I needed. Don't think I could've done it without your examples.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-38521214803275522872009-12-16T12:31:59.972-08:002009-12-16T12:31:59.972-08:00@Josh,
Having spent a lot of time on it myself, I...@Josh,<br /><br />Having spent a lot of time on it myself, I am glad it helped ;)<br /><br />-LeighcfSearchinghttps://www.blogger.com/profile/11564374520734454860noreply@blogger.comtag:blogger.com,1999:blog-5824660313967021040.post-43100935656506144742009-12-16T10:18:20.160-08:002009-12-16T10:18:20.160-08:00Thanks! This was very helpful. You helped me figur...Thanks! This was very helpful. You helped me figure out a bug in my code that had me blocked for hours.Unknownhttps://www.blogger.com/profile/16775685718059996925noreply@blogger.com