An existing coldfusion website is to be converted to dot net.
In the coldfusion code, the password is hashed using its hash() function with no algorithm:
SomePassword = '#hash(fldPassword)#'
I found this document, saying the default encryption is
CFMX_COMPAT: Generates a hash string identical to that generated by
ColdFusion MX and ColdFusion MX 6.1 (default).
There are some articles actually telling me how to decrypt.
According to Macromedia, The ColdFusion Encrypt function uses an
XOR-based algorithm that utilizes a pseudo random 32-bit key based on
a seed passed by the user as a parameter to the function. The
resulting data is UUencoded.You’ll need to uudecode the encoded value first
http://www.eggheadcafe.com/printsear…asp?linkid=351and then XOR it using the key it was encrypted with.
http://www.java2s.com/Code/CSharp/La…deamessage.htmIf you dont have the key – your wasting yuor time.
But, how to make it work? I don’t think there is any key. All I can see is '#hash(fldPassword)#'. Please help. Thanks.
Hashing and encryption are not the same thing. Encryption can be reversed. You can recover the original value if you have the right key, etectera. Whereas hashing is a one way trip. Once hashed, the original value cannot be recovered. (Well .. in theory. Some of the weaker hashing algorithms have been broken.) So you cannot “decrypt” a hashed value. But you can duplicate the obfuscated result string.
Actually it refers to the default algorithm. However, I am not so sure that description is correct. (Edit: As Rasmus correctly points out, it does say the default is MD5) However, CF9/7 default to MD5 anyway. Even when the algorithm is
CFMX_COMPAT. So in either case, a simple MD5 hash in C# would give you the same result.ie These all produce identical results ie
098F6BCD4621D373CADE4E832627B4F6.