|
 | |
 | adec | | Asp.Net User |
| Re: Decrypting passwords encrypted using Cold Fusion Encrypt | 5/19/2003 12:48:18 PM |
| 0/0 |   |
|
Which Algorithm is used to Encrypt your passwords? (SHA1 etc)
Regards Andre Colbiornsen --------------------------------- [MVP Visual Developer Asp.Net] Sonnenburg Communications Friisgatan 33, SE-214 21 Malm? Sweden Mob.: +46-(0)708-97 78 79 Mail: [email protected]-------------------------------- |
| adec | | Asp.Net User |
| Re: Decrypting passwords encrypted using Cold Fusion Encrypt | 5/20/2003 8:22:12 AM |
| 0/0 | |
|
You'll have to find out what kind of encryption is being used. If it is one of the common hash algorithms used:
MD5
SHA1
SHA256
SHA384
SHA512
then you'll have a chance of solving this. Otherwise this can become very tricky and the best (and only) solution may be to reissue passwords to the clients.
If symmetric Encryption Algorithms are use, you need to find the keys used to generate the passwords and then, maybe, you can solve.
This is the price you'll have to pay for enhanced security. I would probably drop all the old passwords and generate new encrypted ones, which you mail to the clients and urge them to change them at their first convienient opportunity.
Regards Andre Colbiornsen --------------------------------- [MVP Visual Developer Asp.Net] Sonnenburg Communications Friisgatan 33, SE-214 21 Malm? Sweden Mob.: +46-(0)708-97 78 79 Mail: [email protected]-------------------------------- |
| duncan16 | | Asp.Net User |
| Re: Decrypting passwords encrypted using Cold Fusion Encrypt | 8/21/2005 4:50:02 AM |
| 0/0 | |
|
I'm a mediocre ASP.NET w/ VB.NET backend experience.... Learned it via
OTJT and still develop in it for fun right now. I'm just starting
to learn ColdFusion MX 6.1 for a new job that I'm trying to get.
The original poster was asking about the Hash() function. The
answer is that the user is having their passwords hashed in an MD5
encryption. To do this same encryption under ASP.NET with VB.NET
Passwords, they should look up the
"HashPasswordsForStoringInConfigFile('<Password>','<HashMethod>')"
function. What happens is that this is burried about 6 levels
from the main system.web..... structure.
The user will need to put the password in the password spot, and the
phrase "md5" in the HashMethod spot. The generated hash strings
will be exactly the same.
Let me know if this helps.
--Duncan
|
| bigBrain | | Asp.Net User |
| Re: Decrypting passwords encrypted using Cold Fusion Encrypt | 6/16/2006 3:51:03 AM |
| 0/0 | |
|
I have the same problem and I've tried all of the suggestions here, but nothing seems to work. The ColdFusion encrytion looks like this ~39:G:UM;:KB@~01~50~10 while the .Net encryption looks like this 32312kl3123119909.
Please help |
| valekm | | Asp.Net User |
| Re: Decrypting passwords encrypted using Cold Fusion Encrypt | 6/14/2007 5:49:17 AM |
| 0/0 | |
|
ASP code to place a link | <%@ Page Language="VB" Debug="true" %> | | <%@ Import Namespace="System.IO" %> | | <%@ Import Namespace="System.Text" %> | | <%@ Import Namespace="System.Security.Cryptography" %> | | | | <script runat=server language=vbscript> | | Public Class Encryption64 | | ' Use DES CryptoService with Private key pair | | Private key() As Byte = {} ' we are going to pass in the key portion in our method calls | | Private IV() As Byte = {80,108,67,75,101,121,87,83} 'this is the same as in the CF Code = PlCKeyWS | | | | | | Public Function DecryptFromBase64String(ByVal stringToDecrypt As String, ByVal sEncryptionKey As String) As String | | Dim inputByteArray(stringToDecrypt.Length) As Byte | | ' Note: The DES CryptoService only accepts certain key byte lengths | | ' We are going to make things easy by insisting on an 8 byte legal key length | | | | Try | | key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8)) | | Dim des As New DESCryptoServiceProvider() | | ' we have a base 64 encoded string so first must decode to regular unencoded (encrypted) string | | inputByteArray = Convert.FromBase64String(stringToDecrypt) | | ' now decrypt the regular string | | Dim ms As New MemoryStream() | | Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write) | | cs.Write(inputByteArray, 0, inputByteArray.Length) | | cs.FlushFinalBlock() | | Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8 | | Return encoding.GetString(ms.ToArray()) | | Catch e As Exception | | Return e.Message | | End Try | | End Function | | | | Public Function EncryptToBase64String(ByVal stringToEncrypt As String, ByVal SEncryptionKey As String) As String | | Try | | key = System.Text.Encoding.UTF8.GetBytes(Left(SEncryptionKey, 8)) | | Dim des As New DESCryptoServiceProvider() | | ' convert our input string to a byte array | | Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes(stringToEncrypt) | | 'now encrypt the bytearray | | Dim ms As New MemoryStream() | | Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write) | | cs.Write(inputByteArray, 0, inputByteArray.Length) | | cs.FlushFinalBlock() | | ' now return the byte array as a "safe for XMLDOM" Base64 String | | Return Convert.ToBase64String(ms.ToArray()) | | Catch e As Exception | | Return e.Message | | End Try | | End Function | | | | End Class | | | | Function CleanString(ByVal str As String) As String | | Dim clean As String | | ' clean the pluses and forward slashes that appear in the BASE64encoding | | clean = str.replace("+", "%2B") | | clean = clean.replace("/", "%2F") | | Return clean | | End Function | | | | Private enc As New Encryption64 | | 'Private newEncryptedData As String = enc.EncryptToBase64String("32132112", "pLcWe851tEpLcWe851tEPLCW") | | Private EncryptedData As String = enc.EncryptToBase64String("Name=Valentin&Group=STUDENT&DateTime=123014062007&URL=http://google.com", "ABCDEFGH") | | Private b64EncryptedData = Convert.FromBase64String(EncryptedData) | | Private newEncryptedData = CleanString(EncryptedData) | | </script> | | | | Logged in members can go to <a href="http://test.sneezy.gruden.int/cf8_17.cfm?P=<%=newEncryptedData%>">Sport Section</a> |
Coldfusion code to decrypt the link:
| <cfscript> | | theKey = ToBase64("ABCDEFGH"); | | Vector = ToBase64("PlCKeyWS"); | | baseVector = ToBinary(Vector); | | decrypted = decrypt(URL.P, theKey, "DES/CBC/NoPadding", "BASE64", baseVector); | | parameters = ListToArray(decrypted, "&"); | | </cfscript> | | | | <cfdump var="#parameters#"> |
|
| valekm | | Asp.Net User |
| Re: Decrypting passwords encrypted using Cold Fusion Encrypt | 6/14/2007 5:52:43 AM |
| 0/0 | |
|
And yes.. I forgot.. The code I put solves the reverse problem. Change Encrypt on Decrypt in coldfusion and FromBase64String to EncryptToBase64String to DecryptFromBase64String in .NET and adjust the code. This should solve your. |
| csandersii | | Asp.Net User |
| Re: Decrypting passwords encrypted using Cold Fusion Encrypt | 6/15/2007 6:06:21 PM |
| 0/0 | |
|
I've been able to do the decrypt on the .net side that decrypts the previous encryption, but unable to get the encryption of the coldfusion that decrypts correctly - getting "Bad Data" error. Can you show the proper encrypt function in Coldfusion....??
Cheers
|
| valekm | | Asp.Net User |
| Re: Decrypting passwords encrypted using Cold Fusion Encrypt | 6/15/2007 11:40:30 PM |
| 0/0 | |
|
As it appeared to be replacing encrypt with decrypt did not help the problem You should also change padding setting in coldfusion. See the reverse code below: .NET <html>
<head>
</head>
<body>
<%@ Page Language="VB" Debug="true" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Text" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<script runat=server language=vbscript>
Public Class Encryption64
' Use DES CryptoService with Private key pair
Private key() As Byte = {} ' we are going to pass in the key portion in our method calls
Private IV() As Byte = {80,108,67,75,101,121,87,83}
Public Function DecryptFromBase64String(ByVal stringToDecrypt As String, ByVal sEncryptionKey As String) As String
Dim inputByteArray(stringToDecrypt.Length) As Byte
' Note: The DES CryptoService only accepts certain key byte lengths
' We are going to make things easy by insisting on an 8 byte legal key length
Try
key = System.Text.Encoding.UTF8.GetBytes(Left(sEncryptionKey, 8))
Dim des As New DESCryptoServiceProvider()
' we have a base 64 encoded string so first must decode to regular unencoded (encrypted) string
inputByteArray = Convert.FromBase64String(stringToDecrypt)
' now decrypt the regular string
Dim ms As New MemoryStream()
Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write)
cs.Write(inputByteArray, 0, inputByteArray.Length)
cs.FlushFinalBlock()
Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8
Return encoding.GetString(ms.ToArray())
Catch e As Exception
Return e.Message
End Try
End Function
Public Function EncryptToBase64String(ByVal stringToEncrypt As String, ByVal SEncryptionKey As String) As String
Try
key = System.Text.Encoding.UTF8.GetBytes(Left(SEncryptionKey, 8))
Dim des As New DESCryptoServiceProvider()
' convert our input string to a byte array
Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes(stringToEncrypt)
'now encrypt the bytearray
Dim ms As New MemoryStream()
Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write)
cs.Write(inputByteArray, 0, inputByteArray.Length)
cs.FlushFinalBlock()
' now return the byte array as a "safe for XMLDOM" Base64 String
Return Convert.ToBase64String(ms.ToArray())
Catch e As Exception
Return e.Message
End Try
End Function
End Class
Function CleanString(ByVal str As String) As String
Dim clean As String
' clean the pluses and forward slashes that appear in the BASE64encoding
clean = str.replace("+", "%2B")
clean = clean.replace("/", "%2F")
Return clean
End Function
Function DecryptData()
Dim enc As New Encryption64
Dim base64encr As String = Request.QueryString("Q")
Dim DecryptedData As String = enc.DecryptFromBase64String(base64encr, "ABCDEFGH")
Return DecryptedData
End Function
</script>
<%=DecryptData()%>
</body>
</html>
ColdFusion <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Untitled</title>
</head>
<body>
<cfscript>
function CleanString(str) {
str = replace(str, "+", "%2B", "all");
str = replace(str, "/", "%2F", "all");
return str;
}
theKey = ToBase64("ABCDEFGH");
Vector = ToBase64("PlCKeyWS");
baseVector = ToBinary(Vector);
parameters = "Name=Valentin&Group=STU&DateTime=123014062007&URL=http://www.pymblelc.nsw.edu.au/PLC/pymble-members/sport--pymble/sports--pymble_home.cfm";
remain = len(parameters) MOD 8;
encrypted = encrypt(parameters, theKey, "DES/CBC/PKCS5Padding", "BASE64", baseVector);
decrypted = decrypt(encrypted, theKey, "DES/CBC/PKCS5Padding", "BASE64", baseVector);
</cfscript>
<cfoutput>
Click <a href="http://localhost:8080/plc2.aspx?Q=#CleanString(encrypted)#">here</a> to go to a .NET site<br />
#encrypted#<br />
#decrypted#
</cfoutput>
</body>
</html>
|
|
| |
Free Download:
Books:  Advanced Macromedia ColdFusion MX 7 Application Development: Application Developmen Authors: Ben Forta, Douglass North, et al, Pages: 991, Published: 2005 Hack Proofing ColdFusion: The Only Way to Stop a Hacker Is to Think Like One Authors: Syngress, Greg Meyer, Rob Rusher, Steven Casco, David An, Daryl Banttari, Pages: 512, Published: 2002 Macromedia ColdFusion MX 7 Web Application Construction Kit: web application construction kit Authors: Ben Forta, Raymond Camden, Leon Chalnick, Angela C. Buraglia, Pages: 1440, Published: 2005 ColdFusion Web Development with Macromedia Dreamweaver MX 2004: The Practical User's Guide Authors: Jen DeHaan, Peter DeHaan, Simon Horwith, Massimo Foti, Curtis Hermann, Edoardo Zubler, Pages: 469, Published: 2004 Programming ColdFusion MX: Creating Dynamic Web Applications Authors: Rob Brooks-Bilson, Pages: 1115, Published: 2003 Web:Decrypting passwords encrypted using Cold Fusion Encrypt - ASP.NET ... How do I decrypt passwords (using ASP .NET ) that have been encrypted using the Cold Fusion Encrypt function and stored in a database? ... ColdFusion Tutorials - EasyCFM.COM Using the ColdFusion ENCRYPT function. Encrypt uses a symmetric key-based algorithm in which the same key is used to encrypt and decrypt a string. ... Jeffry Houser's Blog: Using ColdFusion to create an Encryption ... Using ColdFusion to create an Encryption / Decryption Key from Plain Text. Posted At : May 13, 2008 9:00 AM | Posted By : Jeffry Houser ... encrypt decrypt coldfusion cfm template tool Encrypt / Decrypt coldfusion template fast, Encrypt by version : CF v3.x 4.x ... If we encrypt our codes by using your tool with a password protected,do we ... Strong encryption in ColdFusion MX 7 string String to encrypt or decrypt. This is always interpreted as a UTF-8 string for ColdFusion encryption. key Encryption key or password. ... ColdFusion 7 Strong Encryption ColdFusion MX 7 adds strong encryption support to the Encrypt and Decrypt functions. .... How to decrypt password which are encrypted by SHA1 Algorithm ... Coldfusion Base64 DES encryption / ASP .NET VB decrypt ... Does anyone know how or have an example of an query string parameter encrypted using cold fusion base64 DES method and needs to be decrypted by ASP . ... Cutter's Crossing: ColdFusion 8 Gotcha: The Decrypt() Function Mar 11, 2008 ... Maybe, if the value had been encrypted with ColdFusion 7, ... copy of ColdFusion 8: I could not decrypt the password I had just encrypted. ... Zoobie Says:: Using Java code in ColdFusion Oct 29, 2008 ... Instantiate the code in ColdFusion to encrypt your string ... String key = " URPublicKeyHere"; //Key/Password to decrypt the encrypted with ... Data Encryption in ColdFusion: An Overview of the Built-in Features Jan 25, 2006 ... There is no way to get the original data from the decrypted string. In ColdFusion you can set up this type of encryption using the hash ... |
|
Search This Site:
|
|