ColdFusion 7 Strong Encryption
ColdFusion MX 7 adds strong encryption support to the Encrypt and Decrypt functions. In addition to the legacy algorithm used by Encrypt and Decrypt, ColdFusion MX 7 now makes it incredibly easy to use AES, Blowfish, DES, and Triple DES encryption. It also adds the ability to encode the encrypted string using three different binary encoding algorithms: Base64, hexadecimal, and UUEncode.
Here's an example:
<!--- options for algorithm are CFMX_COMPAT (default), AES, BLOWFISH, DES, and DESEDE --->
<cfset algorithm = "AES">
<!--- encoding options, Base64, hex, or uu --->
<cfset encoding = "hex">
<!--- generate a key --->
<cfset key = GenerateSecretKey(algorithm)>
<cfset str = "This is my secret string.">
<cfset enc = Encrypt(str, key, algorithm, encoding)>
<cfset dec = Decrypt(enc, key, algorithm, encoding)>
<cfoutput>
<pre>
string=#str#
encrypted=#enc#
decrypted=#dec#
key=#key#
algorithm=#algorithm#
</pre>
</cfoutput>
The default encoding algorithm is UUEncode. It may not be the best choice, however, if you need to pass the encrypted value around, because it uses the largest set of possible characters. The safest choice for encoding is hex, which uses only the characters A-F and 0-9; it also yields the longest string. The next best choice is Base64, which uses the characters a-z, A-Z and 0-9 and sometimes = signs at the end for padding.
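To see these differences on your own server, the following template (an added example, not part of the original post) encrypts the same string with each strong algorithm and each encoding, then reports the encoded length, the length after URLEncodedFormat, and any characters other than letters and digits. The plaintext is the sample string from above; the table layout and variable names are this example's own.

```cfml
<!--- Added example: compare hex, Base64 and uu output for each strong algorithm --->
<cfset str = "This is my secret string.">
<cfset algorithms = "AES,BLOWFISH,DES,DESEDE">
<cfset encodings = "hex,Base64,uu">

<cfoutput>
<table border="1">
<tr>
  <th>algorithm</th>
  <th>encoding</th>
  <th>encoded length</th>
  <th>length after URLEncodedFormat</th>
  <th>characters other than A-Z a-z 0-9</th>
  <th>round trip ok</th>
</tr>
<cfloop list="#algorithms#" index="algorithm">
  <!--- one key per algorithm, reused for all three encodings --->
  <cfset key = GenerateSecretKey(algorithm)>
  <cfloop list="#encodings#" index="encoding">
    <cfset enc = Encrypt(str, key, algorithm, encoding)>
    <cfset dec = Decrypt(enc, key, algorithm, encoding)>
    <!--- strip letters and digits; what remains must be escaped
          before the value can travel in a URL --->
    <cfset special = REReplace(enc, "[A-Za-z0-9]", "", "all")>
    <tr>
      <td>#algorithm#</td>
      <td>#encoding#</td>
      <td>#Len(enc)#</td>
      <td>#Len(URLEncodedFormat(enc))#</td>
      <td>#HTMLEditFormat(special)#</td>
      <td>#YesNoFormat(Compare(dec, str) EQ 0)#</td>
    </tr>
  </cfloop>
</cfloop>
</table>
</cfoutput>
```

For the hex rows the two length columns match and the special-character column is empty, which is what makes hex the safe choice for values that travel in URLs, form fields or cookies.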
The DES (Data Encryption Standard) algorithm was developed in the US in the 1970s by the NSA. DES is no longer considered secure and can be broken in hours or days by exhaustive key search. There are around 72 quadrillion possible keys.
Triple DES (DESEDE): to make it harder to break, we encrypt using one key, encrypt using another key, and finally decrypt using the first key. Triple DES is still considered a secure algorithm and is in wide use.
The AES/Rijndael (Advanced Encryption Standard) algorithm is your strongest choice. It uses keys of at least 128 bits (128, 192, or 256) and even executes faster than the DES and Triple DES algorithms (which use 56-bit keys).
Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. (NIST AES Fact Sheet; link no longer works: http://csrc.nist.gov/CryptoToolkit/aes/aesfact.html)
The Blowfish algorithm was also designed as a replacement for DES. It uses variable key lengths (32-448 bits) and is appropriate for both domestic (US) and international use. Blowfish is significantly faster than DES (20x).
| Blowfish | Strong | Fast, but time consuming to initialize a new key | 2^32 - 2^448 |
| AES | Strong | Fast | 2^128, 2^192, 2^256 |
Other sources: An introduction to modern crypto systems (link no longer works: http://www.giac.org/practical/GSEC/Andrew_Zwicke_GSEC.pdf), Do we need AES? (link no longer applicable: http://www.cryptomathic.com/company/aes.html), and Description of a new variable-length key, 64-bit block cipher (Blowfish). All are good reads.
ColdFusion 7 Strong Encryption was first published on February 10, 2005.