Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151

java Starting with Java 1.8.0_151 and 1.8.0_152 there is a new somewhat easier way to enable the unlimited strength jurisdiction policy for the JVM. Without enabling this you cannot use AES-256 for example.

First download the JRE, I like to use the server-jre for servers.

This entry was:

ColdFusion defaults avoid flawed Random Number Generator

coldfusion I've been researching a very interesting security topic for the past few weeks related to the Snowden NSA leaks and even related to ColdFusion. Thankfully Adobe's default settings avoid the weakness.

This entry was:

Enabling Unlimited Strength Cryptography in ColdFusion

coldfusion java If you want to use very strong encryption in ColdFusion you may need to install the Unlimited Strength Jurisdiction Policy Files in the JVM running ColdFusion.

This entry was:

Trackback Salt

web When I implemented the new trackback feature on my blog, I was aware that spammers like to use trackbacks, so I coded in a keyword blacklist. Roger Benningfield added a comment about track back autodiscovery and spamming that got me thinking.

This entry was:


coldfusion After a long break in my series of the little enhancements in ColdFusion MX 7 (CFMX 7 Little Things), I am back today with another article, this time with the Hash function.

In versions of ColdFusion prior to 7, the Hash function used the MD5 algorithm to generate hash values.

This entry was:

Strong Encryption Technote shows undocumented features

coldfusion Macromedia has just released a technote entitled: Strong Encryption in ColdFusion MX 7. It has lots of information useful to anyone planning to work with these features. In addition I noticed mention of two undocumented arguments in the Encrypt() and Decrypt() functions.

This entry was:

ColdFusion 7 Strong Encryption

coldfusion ColdFusion MX 7 adds strong encryption support to the Encrypt and Decrypt functions. In addition to the legacy algorithm used in Encrypt, and Decrypt - ColdFusion MX 7 now makes it incredibly easy to use AES, Blowfish, DES, and Triple DES encryption.

This entry was:

Signing and Encypting Email

web Many people don't realize that you can get a free certificate for digitally signing and encrypting email. Thawte is one company that offers a free email certificate service. Once you have the cert its fairly simple to sign or encrypt email.

This entry was:

Signing Jar Files (converting pvk to p12)

java We recently renewed our code signing certificate for signing java applets, this is the first year we have had to renew it, and the process is a bit different from when we generated it. When we first received the key we did it with a CSR, and the java keytool.

This entry was:

Moving SSL Certs from IIS to Apache

linux web I found some instructions for converting SSL certificates generated for IIS to private key, and cert files you can use on unix, or Apache for windows.

First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)

Run mmc.

This entry was:


did you hack my cf?