CFXWorks-Coldfusion: Encryption, Secure Messaging and Credit Card Processing
  [ENCRYPTION] - CryptoXpress CF General Questions
  1. What is CryptoXpress CF?
  2. What cryptography algorithms and modes of operation does it support?
  3. What is the AES algorithm and why should I use it?
  4. How secure is AES?
  5. What if I forget my encryption key?
  6. What is a message digest and why should I use them?
  7. What is MD5?
  8. What is SHA1?
  9. Why use message digests?
  10. How secure are MD5 and SHA1?
  11. What is the length of a message digest?
  12. What are the export limitations of the CryptoXpress CF tag?
  13. What support is offered for CryptoXpress CF?
 
1). What is CryptoXpress CF?
 

CryptoXpress CF is a ColdFusion tag that encrypts and decrypts data using the AES or TripleDES (3DES) algorithm. Both AES and TripleDES qualify as "strong encryption" as defined by the National Institute of Standards and Technology (NIST). The tag can be used to build custom solutions that need to encrypt, decrypt or digest files or data. Digesting data produces a message digest, sometimes called a digital signature.

2). What cryptography algorithms and modes of operation does it support?
 

CryptoXpress CF supports the following encryption algorithms and modes of operation:

 
Algorithm / Mode of Operation:
  • AES 128-bit encryption: AES128/PKCS5Padding/CBC
  • AES 256-bit encryption: AES256/PKCS5Padding/CBC
  • TripleDES (3DES) encryption: 3DES/PKCS5Padding/CBC

CryptoXpress CF supports the following message digest algorithms:

Algorithm:
  • MD5
  • SHA1
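As an added example (not CFXWorks code), the following Python traces what a mode string of the form "<cipher>/PKCS5Padding/CBC" means: PKCS5 padding up to the block size, then cipher-block chaining under an IV. A clearly labelled stand-in block function sits where AES-128 (16-byte blocks) or 3DES (8-byte blocks) would; it provides no security and exists only so the padding and chaining can be followed offline. The last function shows why question 6 pairs encryption with a digest: a modified ciphertext still decrypts without any error.

```python
# Added example, not CFXWorks code: what "<cipher>/PKCS5Padding/CBC" does to a message.
# toy_block_* is a STAND-IN for AES-128 / 3DES so the mode can be traced; it is not a cipher.
def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pkcs5_pad(data: bytes, block_size: int) -> bytes:
    """Append n bytes of value n, 1 <= n <= block_size; aligned input gets a full extra block."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n

def pkcs5_unpad(data: bytes, block_size: int) -> bytes:
    """Strip padding, rejecting malformed padding instead of silently truncating."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

# STAND-IN block permutation (XOR with key, then reverse the bytes): invertible, not secure.
def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    return xor_bytes(block, key)[::-1]

def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    return xor_bytes(block[::-1], key)

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes, block_size: int) -> bytes:
    """Each padded block is XORed with the previous ciphertext block (the IV first), then encrypted."""
    padded, out, prev = pkcs5_pad(plaintext, block_size), [], iv
    for i in range(0, len(padded), block_size):
        prev = toy_block_encrypt(key, xor_bytes(padded[i:i + block_size], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes, block_size: int) -> bytes:
    """Inverse chain; a corrupted ciphertext byte garbles its own block and one byte of the next."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), block_size):
        block = ciphertext[i:i + block_size]
        out.append(xor_bytes(toy_block_decrypt(key, block), prev))
        prev = block
    return pkcs5_unpad(b"".join(out), block_size)

def tamper_demo(block_size: int) -> bool:
    """Flip one ciphertext byte and decrypt: CBC alone does not detect the change (see question 6)."""
    key, iv = bytes(range(block_size)), bytes(range(100, 100 + block_size))  # constructed, fixed demo values
    msg = b"amount=129.95;card_last4=4242;" + b"x" * block_size             # constructed sample record
    ct = bytearray(cbc_encrypt(key, iv, msg, block_size))
    ct[0] ^= 0x01
    return cbc_decrypt(key, iv, bytes(ct), block_size) != msg
```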
     
3). What is the AES algorithm and why should I use it?

AES is a block cipher (symmetric key) encryption algorithm that supports 128-bit, 192-bit and 256-bit key sizes. It was selected (10/2/2000) by the National Institute of Standards and Technology (NIST) as the new Federal Information Processing Standard (FIPS) for encryption. For a detailed discussion of the Advanced Encryption Standard (AES) selection process, see http://csrc.nist.gov/encryption/aes/. CFXWorks supports the 128-bit and 256-bit implementations of this algorithm. Note that AES was originally called Rijndael.

Effective 12/04/2001, AES replaced DES as the Federal Information Processing Standard (FIPS) for encryption. The Federal Government is expected to eventually require that all agencies within, suppliers to, and contractors and sub-contractors to the federal government use the AES encryption algorithm. AES was selected because its performance characteristics and form factor (code size) were thought to be superior to those of other known algorithms, and because its security level was thought to be superior to all other available 128-256 bit encryption algorithms.
     
4). How secure is AES?

To put this issue in perspective, here are some statistics presented by the National Institute of Standards and Technology (NIST, http://www.nist.gov) on the possibility that someone could crack a 128-bit AES encryption key:

"In the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message. Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old."
     
5). What if I forget my encryption key?

AES is a very serious encryption algorithm. Hackers are not likely, in our lifetime, to be able to compromise it, which is good news for white hatters (the good guys), and there are no known back doors to the algorithm. The bad news is that if you forget your encryption key, there is absolutely no way that CFXWorks, or any other organization known to exist, can bail you out. PLEASE NOTE: if you forget your encryption key, you should assume that your data is lost forever!
     
6). What is a message digest and why should I use them?

Calculating a message digest is sometimes referred to as "digesting" the information. Encryption protects the confidentiality of data. But how do you determine whether a black hat (bad guy) has changed the contents of an encrypted data string or data file? Changing data content is a matter of data integrity, not data confidentiality. The solution to this problem is what cryptologists call a message digest.

A message digest (also referred to as a one-way hash function) is a fixed-length, computationally unique identifier corresponding to a set of data. Each file or data string that is digested maps to a particular block of information called a message digest. The digest is not random: digesting the same unit of data with the same algorithm will always produce the same message digest.
     
7). What is MD5?

MD5 belongs to a family of one-way hash functions called message digest algorithms. The MD5 system is defined in RFC 1321. MD5 takes a message of arbitrary length and produces as output a 128-bit message digest. It is conjectured that it is computationally infeasible to produce two different messages having the same message digest, or to produce any message having a given message digest.

8). What is SHA1?

SHA1 is also a member of the family of one-way hash functions called message digest algorithms. The SHA1 system is defined in RFC 3174. SHA1 takes a message of arbitrary length and produces as output a 160-bit message digest. It is conjectured that it is computationally infeasible to produce two different messages having the same message digest, or to produce any message having a given message digest.
     
9). Why use message digests?

Message digests have many uses. In particular, they are used to authenticate data. For example, to create a digest for authentication, the data is digested and the digest saved. Later, to validate that the data has not been altered, the data is digested again and the result is compared against the original digest. If they differ, the data has been altered. This is very different from encryption, because the actual data is not modified when it is digested. Encryption is intended to protect the confidentiality of data; a message digest is used to assure data integrity.
     
10). How secure are MD5 and SHA1?

For MD5, it is said that the difficulty of coming up with two messages having the same message digest is on the order of 2^64, and the difficulty of finding a message with a specific message digest is on the order of 2^128. There are many other message digest algorithms, including CRC32, MD2, MD4 and SHA1. MD5 is slower, but considered much more secure than CRC32, MD2 or MD4.

SHA1 is believed to be more secure than MD5, but much slower. MD5 is probably the most popular message digest algorithm in use today because it offers a reasonable balance between performance and security. Both MD5 and SHA1 are supported by the CryptoXpress CF tag.

You can learn more about MD5 at: http://www.nic.mil/ftp/rfc/rfc1321.txt

You can learn more about SHA1 at: http://www.itl.nist.gov/fipspubs/fip180-1.htm
     
11). What is the length of a message digest?

MD5 message digests are always 16 bytes long. These bytes may take any of the 256 possible byte values, including hex 0x00. So that ColdFusion can handle these strings properly, CFX_MD5 translates the message digest into a 32-character string holding its hex representation. SHA1 message digests are always 20 bytes long and may likewise contain any of the 256 byte values, including hex 0x00; for ColdFusion, CFX_MD5 translates the digest into a 40-character hex string.
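Added here as an example (not CFXWorks code, and not the CryptoXpress CF tag's own API): the digest-then-recompare integrity check described in question 9, using Python's hashlib and hmac, with output in the 32- and 40-character hex forms question 11 describes. The sample record is constructed, and the keyed (HMAC) variant goes beyond the page: a plain digest stored beside the data can be recomputed by whoever altered the data, while a keyed one cannot be forged without the key.

```python
# Added example, not CFXWorks code: digest-and-compare (question 9) with hex output
# of the lengths given in question 11 (MD5 -> 32 characters, SHA1 -> 40).
import hashlib
import hmac

SUPPORTED = ("md5", "sha1")  # the two algorithms the page covers

def digest_hex(data: bytes, algorithm: str) -> str:
    """Digest a byte string and return the hex form ColdFusion can store and compare."""
    if algorithm not in SUPPORTED:
        raise ValueError(f"unsupported digest algorithm: {algorithm}")
    return hashlib.new(algorithm, data).hexdigest()

def digest_chunks_hex(chunks, algorithm: str) -> str:
    """Digest a file read in pieces; the result equals digesting the whole content at once."""
    if algorithm not in SUPPORTED:
        raise ValueError(f"unsupported digest algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

def verify(data: bytes, saved_hex: str, algorithm: str) -> bool:
    """Re-digest and compare with the saved digest; True means the data is unchanged.
    compare_digest avoids leaking where the two strings first differ through timing."""
    return hmac.compare_digest(digest_hex(data, algorithm), saved_hex.strip().lower())

def keyed_digest_hex(key: bytes, data: bytes, algorithm: str) -> str:
    """Beyond the page: an HMAC over the data. Without the key, a tamperer cannot
    recompute a matching value after changing the data, unlike a plain digest."""
    return hmac.new(key, data, algorithm).hexdigest()

# Constructed sample record, as an application might store it next to its saved digest.
RECORD = b"order=10042;amount=129.95;card_last4=4242"
```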
     
12). What are the export limitations of the CryptoXpress CF tag?

The CryptoXpress CF tag contains encryption technology that is subject to the U.S. Export Administration Regulations and other U.S. law, and may not be exported or re-exported to certain countries (currently Afghanistan (Taliban-controlled areas), Cuba, Iran, Iraq, Libya, North Korea, Serbia (except Kosovo), Sudan and Syria) or to persons or entities prohibited from receiving U.S. exports (including Denied Parties, entities on the Bureau of Export Administration Entity List, and Specially Designated Nationals). For more information, see the U.S. Export Administration Regulations (http://www.bxa.doc.gov/Encryption/regs.htm, 15 C.F.R. Parts 730-774) and the home page of the Bureau of Export Administration, U.S. Department of Commerce, at http://www.bxa.doc.gov.
     
13). What support is offered for CryptoXpress CF?

Thirty-day support is included with the tag and is provided via email; we will attempt to respond to emails addressed to support@cfxworks.com. Users can also purchase support on a subscription basis from CFXWorks.
     
© 2017 CFXWorks Inc. All rights reserved.