Jason Dean

Recent Blog Comments By Jason Dean

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Jul 22, 2013 at 12:57 PM

  @Jason McNeill I just took a look at Railo and at the Railo source. The encrypt() and decrypt() functions are not implemented to the CFMX7+ standard. They are at pre=CFMX7 levels. I am afraid that if you want to use AES/CBC you will need to dig down into Java. Here is a blog post I found on ... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Jul 22, 2013 at 11:40 AM

  @Jason McNeill, I am downloading Railo now to see if I can make it work. I also sent a Twitter message to the Railo team to ask them to look at your comment. @Patrick G, That is a BIG question. The question everyone wants an answer to. I touch on it briefly in one of my presentations (which I... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Jan 27, 2013 at 4:20 PM

  @Dave, There is a lot more to consider in a crypto algorithm than the key length. However, key length is important. The length lengths you are seeing are for AES with its weakest key length (128-bit) and TripleDES with its strongest key length (168-bit). Even still AES-128 is still probably bett... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Feb 16, 2012 at 2:04 PM

  @Adam, I dunno, that all seems reasonable. How are you storing and retrieving the the key? You might also want to throw some trims around your data as you are putting it into the DB. Whitespace can show up in unusual places and cause you issues.... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Feb 16, 2012 at 12:26 PM

  @Adam, If I had to guess I would say that the problem is with how you are getting the encrypted data to the admin page. Possibly a problem with how you are staring or passing the data or maybe with how it is being encoded. It is hard to tell without some sample code/data. Would it be possible for... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Aug 17, 2011 at 4:56 PM

  There are import/export laws pertaining to AES Encryption with key sizes higher than 128-bit. I don't pretend to understand the specifics. But if you are using 128-bit keys or less then I don't think you have anything to worry about. I believe this is why, if you want to use AES keys larger than 1... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Aug 16, 2011 at 12:28 PM

  AES is actually rated by the U.S. Dept of Defense for classified material rated up to TOP SECRET (128-bit key for CLASSIFIED, 192-bit and 256-bit keys for SECRET AND TOP SECRET). So it is certainly useful beyond passwords. As Justin said, passwords are best stored as hashes unless you have a reall... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Aug 9, 2011 at 11:19 AM

  @Ben, you may want to modify your code sample to use the uppercase. Just so others don't have similar issues.... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Aug 9, 2011 at 11:10 AM

  @CD, In your generateSecretKey() call, try changing it to an uppercase AES generateSecretKey("AES") I saw it reported a few weeks ago that, at least on some systems, that if you use lower case AES that you get a 256-bit key instead of a 128-bit key, and if you do not have the unlimited ... read more »

• Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption

  Posted on Aug 9, 2011 at 10:39 AM

  Awesome post Ben. Good work, and I am glad I am helping. A couple minor corrections. "... you will also have to persist the secret key used to encrypt it. This is typically done in a database" Careful with that advice. All too often people make the mistake of storing the encryption key... read more »

• At cf.Objective() 2012 Jason Dean Is Going Down!

  Posted on May 18, 2011 at 11:10 PM

  Why am I not surprised that you have been making pottery instead of training. ;) You'll be scrap booking next. Let me know when you finish your cf.Objective() 2011 Scrapbook of Shame. I will order a copy.... read more »

• At cf.Objective() 2012 Jason Dean Is Going Down!

  Posted on May 16, 2011 at 10:50 AM

  Since I have been simultaneously promoted to villan and demoted to underdog in this post, I will gladly: - Bet against Ben in the 2012 match - Auction of Ben's arm on EBay after I separate it from his body In both cases, I will use the money for evil... read more »

• At cf.Objective() 2012 Jason Dean Is Going Down!

  Posted on May 16, 2011 at 10:36 AM

  Wow, the apologists just start pouring out don't they?... read more »

• At cf.Objective() 2012 Jason Dean Is Going Down!

  Posted on May 15, 2011 at 5:50 PM

  I'll be on a steady diet of jelly beans, comic books, and reruns of The Ghost Whisperer... read more »

• At cf.Objective() 2012 Jason Dean Is Going Down!

  Posted on May 15, 2011 at 5:24 PM

  In 2012, it's going to get real!! Bring it baby!! Tell you what... winner takes Simon Free to do with as he will.... read more »

• Ode To ColdFusion On Valentine's Day

  Posted on Feb 14, 2011 at 10:30 AM

  Awesome. Well done. Roberto's comment needs to be deleted though.... read more »

• A New Wrist Pain

  Posted on Oct 7, 2010 at 11:10 PM

  OMG, I can't believe I am still getting notification of comments on this thread. And, of course, it is the same old, tired fallacious logic, impossible-to-back-up claims, and arguments that completely miss the point. I've said what I am going to say, some of you people are going to believe in wha... read more »

• Manipulating Session Cookies In Application.cfc's Pseudo Constructor Triggers New Session Creation

  Posted on Apr 15, 2010 at 10:06 PM

  Now it makes more sense. I didn't realize it would grab the App.cfc path and not the path of the template that is the final destination. Clearly I didi not try it :) Thanks for clearing that up. I always wondered if I was being silly by just uniquely naming my apps.... read more »

• Manipulating Session Cookies In Application.cfc's Pseudo Constructor Triggers New Session Creation

  Posted on Apr 15, 2010 at 9:43 PM

  @ben, Using something like <cfset this.name = hash(getCurrentTemplatePath()) /> or <cfset this.name=createUUID()" /> has always confused me. I see people do it but I am not sure why. It seems like it should cause problems. Here are my thoughts. I believe it was you who taught me that ... read more »

• A New Wrist Pain

  Posted on Mar 21, 2010 at 11:13 AM

  @chiropractor suwanee, Spoken like someone trying to sell something. Other than for minor, temporary relief from some back pain, chiropractic treatment is nothing but placebo effect and quackery. Chiropractic "medicine" practitioners, just like those from acupuncture and other pseudosciences, lik... read more »