Strong Encryption Technote shows undocumented features
Macromedia has just released a technote entitled: Strong Encryption in ColdFusion MX 7. It has lots of information useful to anyone planning to work with these features. In addition I noticed mention of two undocumented arguments in the Encrypt() and Decrypt() functions. There are also two undocumented encryption types.
The two encryption types are
PBEWithMD5AndTripleDES - both password based encryption algorithms. Password based algorithms use a MD5 hash to change your password into an encryption key.
The two new arguments are
IVorSalt argument is for passing either an Initialization Vector (for block based encryptions AES, DES, Blowfish), or for passing a binary salt value for password based encryption (PBE) algorithms. The
iterations argument is only for PBE algorithms, and is the number of iterations to transform the password into a binary key.
The technote also shows you how to create encryption keys manually, use different feedback, or padding modes, how to install unlimited strength encryption policy files, and also how to install other security providers.
So if your going to be using Strong Encryption in CFMX 7, you should check out the technote.
- Hash - March 15, 2005
- ColdFusion 7 Strong Encryption - February 10, 2005
- CFFUNCTION and CFARGUMENT don't support new types in ColdFusion 7 - April 13, 2005
- CFTIMER - Little things in ColdFusion 7 - February 11, 2005
- cfdirectory adds recursive support - Little Things in CFMX 7 - February 10, 2005
- Why is my cron.daily script not running?
- Announcing FuseGuard Version 3
- CFSummit 2017
- Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151
- Java 9 Security Enhancements
- Upcoming CFML Conferences in April 2017
- CFSummit 2016 Slides
- Securing Legacy CFML - dev.Objective() 2016 Slides