decryption in coldfusion

i have a database setup to where i have people log in with userid and passwords.  i generate a random number and encrypt these numbers as passwords and store them into the database. when i query the database and try to decrypt these passwords back to numbers, they are no longer numbers, but rather wierd characteres and jummbled letters.  essentially the decrypted form of the encrypted passwords are all wrong so the users cannot log in.  the only difference though is that when i type in a number, encrypt it, and right after decrypt it, the numbers appear fine.  it is only when i query the database and decrypt what is stored in the database where the passwords get all weird even though the encrypted form of the passwords are the same.
happydog234Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CFDevHeadCommented:
Lets see your code.
0
happydog234Author Commented:
this works fine:
<cfset password = 2>
<cfset Encrypted = Encrypt(password, key)>
<cfset Decrypt = Decrypt(Encrypted, key)>
#Decrypt#

this doesnt work:
<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
      <cfset Decrypt = Decrypt(password, key)>
      #Decrypt#
</cfoutput>
0
CFDevHeadCommented:
when you select the password from the DB trim the felid to make sure there is any white space.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

CFDevHeadCommented:
if that doesn't work try using
<cfset password = 2>
<cfset key ='my fav. key!'>
<cfset Encrypted = cfusion_encrypt(password, key)>
<cfset Decrypt = cfusion_decrypt(Encrypted, key)>
<cfoutput>
#Decrypt#

</cfoutput>
0
Renante EnteraSenior PHP DeveloperCommented:
Try this one :

<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
     <cfset Decrypt = Decrypt('#password#', key)>
     #Decrypt#
</cfoutput>

Or you can have it this way :

<cfquery name=decrypting datasource=testing>
SELECT password FROM users
</cfquery>

<cfoutput query=decrypting>
     <cfset mypass = '#password#'>
     <cfset Decrypt = Decrypt(mypass, key)>
     #Decrypt#
</cfoutput>

Goodluck!
eNTRANCE2002 :-)
0
anandkpCommented:
Avoid using keywords like : "password" / "decrypt" as ur variable names !

normally the conversion shld be possible & u shld be able to get back ur values decrypted properly ... the reason there may be problems with this is -
1. u may have used different keys ...
2. there wld have been some special characters used [value / key] - which cldnt be formatted correctly while storing in teh DB ... thus the decryption resulted in a error ...
3. as mentioned above - using trim wld allow u to get rid of unwanted spaces - which may go un-noticed & can cause error...
0
jyokumCommented:
This will resolve your encryption/decryption problem.

http://www.experts-exchange.com/Web/WebDevSoftware/ColdFusion/Q_20746580.html#9417582

to encrypt...
myEncodedText = tobase64(encrypt(myText,"key123"));

to decrypt...
myDecodedText = decrypt(tostring(tobinary(myEncodedText)),"key123");

I wouldn't recommend using cfusion_encrypt and cfusion_decrypt since it is really easy to crack that encryption.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PE_CF_DEVCommented:
If you want to securely do this your best way is to hash the password....
so you would do this:
Update passwordtable
set password = #hash(password)#
where whatever

then upon login
select stuff
from passwordtable
where password = #hash(password)#

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.