?
Solved

decryption in coldfusion

Posted on 2003-11-21
8
Medium Priority
?
1,244 Views
Last Modified: 2013-12-20
i have a database setup to where i have people log in with userid and passwords.  i generate a random number and encrypt these numbers as passwords and store them into the database. when i query the database and try to decrypt these passwords back to numbers, they are no longer numbers, but rather wierd characteres and jummbled letters.  essentially the decrypted form of the encrypted passwords are all wrong so the users cannot log in.  the only difference though is that when i type in a number, encrypt it, and right after decrypt it, the numbers appear fine.  it is only when i query the database and decrypt what is stored in the database where the passwords get all weird even though the encrypted form of the passwords are the same.
0
Comment
Question by:happydog234
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 9

Expert Comment

by:CFDevHead
ID: 9799649
Lets see your code.
0
 

Author Comment

by:happydog234
ID: 9799685
this works fine:
<cfset password = 2>
<cfset Encrypted = Encrypt(password, key)>
<cfset Decrypt = Decrypt(Encrypted, key)>
#Decrypt#

this doesnt work:
<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
      <cfset Decrypt = Decrypt(password, key)>
      #Decrypt#
</cfoutput>
0
 
LVL 9

Expert Comment

by:CFDevHead
ID: 9799703
when you select the password from the DB trim the felid to make sure there is any white space.
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 9

Expert Comment

by:CFDevHead
ID: 9799718
if that doesn't work try using
<cfset password = 2>
<cfset key ='my fav. key!'>
<cfset Encrypted = cfusion_encrypt(password, key)>
<cfset Decrypt = cfusion_decrypt(Encrypted, key)>
<cfoutput>
#Decrypt#

</cfoutput>
0
 
LVL 14

Expert Comment

by:Renante Entera
ID: 9801140
Try this one :

<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
     <cfset Decrypt = Decrypt('#password#', key)>
     #Decrypt#
</cfoutput>

Or you can have it this way :

<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
     <cfset mypass = '#password#'>
     <cfset Decrypt = Decrypt(mypass, key)>
     #Decrypt#
</cfoutput>

Goodluck!
eNTRANCE2002 :-)
0
 
LVL 17

Expert Comment

by:anandkp
ID: 9801657
Avoid using keywords like : "password" / "decrypt" as ur variable names !

normally the conversion shld be possible & u shld be able to get back ur values decrypted properly ... the reason there may be problems with this is -
1. u may have used different keys ...
2. there wld have been some special characters used [value / key] - which cldnt be formatted correctly while storing in teh DB ... thus the decryption resulted in a error ...
3. as mentioned above - using trim wld allow u to get rid of unwanted spaces - which may go un-noticed & can cause error...
0
 
LVL 12

Accepted Solution

by:
jyokum earned 1000 total points
ID: 9805790
This will resolve your encryption/decryption problem.

http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20746580.html#9417582

to encrypt...
myEncodedText = tobase64(encrypt(myText,"key123"));

to decrypt...
myDecodedText = decrypt(tostring(tobinary(myEncodedText)),"key123");

I wouldn't recommend using cfusion_encrypt and cfusion_decrypt since it is really easy to crack that encryption.
0
 
LVL 6

Expert Comment

by:PE_CF_DEV
ID: 9811131
If you want to securely do this your best way is to hash the password....
so you would do this:
Update passwordtable
set password = #hash(password)#
where whatever

then upon login
select stuff
from passwordtable
where password = #hash(password)#

0

Featured Post

Video: Liquid Web Managed WordPress Comparisons

If you run run a WordPress, you understand the potential headaches you may face when updating your plugins and themes. Do you choose to update on the fly and risk taking down your site; or do you set up a staging, keep it in sync with your live site and use that to test updates?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Objective of This Article In 1990’s, when I was a budding software professional, I had a lot of confusion about which stream or technology, I had to choose to build my career. In those days, I had lot of confusion like whether to choose System so…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…
The purpose of this video is to demonstrate how to update a WordPress Site’s version. WordPress releases new versions of its software frequently and it is important to update frequently in order to keep your site secure, and to get new WordPress…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question