Community Member Profile
- Profile: /members/610-Jason-Dean.htm
- URL: http://www.12robots.com
- Comments: 79
- Points: 654
Recent Blog Comments By Jason Dean
-
Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption
Posted on Jan 27, 2013 at 4:20 PM
@Dave, There is a lot more to consider in a crypto algorithm than the key length. However, key length is important. The key lengths you are seeing are for AES with its weakest key length (128-bit) and TripleDES with its strongest key length (168-bit). Even still AES-128 is still... read more »
-
Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption
Posted on Feb 16, 2012 at 2:04 PM
@Adam, I dunno, that all seems reasonable. How are you storing and retrieving the key? You might also want to throw some trims around your data as you are putting it into the DB. Whitespace can show up in unusual places and cause you issues.... read more »
-
Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption
Posted on Feb 16, 2012 at 12:26 PM
@Adam, If I had to guess I would say that the problem is with how you are getting the encrypted data to the admin page. Possibly a problem with how you are storing or passing the data or maybe with how it is being encoded. It is hard to tell without some sample code/data. Would it be... read more »
-
Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption
Posted on Aug 17, 2011 at 4:56 PM
There are import/export laws pertaining to AES Encryption with key sizes higher than 128-bit. I don't pretend to understand the specifics. But if you are using 128-bit keys or less then I don't think you have anything to worry about. I believe this is why, if you want to use AES keys large... read more »
-
Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption
Posted on Aug 16, 2011 at 12:28 PM
AES is actually rated by the U.S. Dept of Defense for classified material rated up to TOP SECRET (128-bit key for CLASSIFIED, 192-bit and 256-bit keys for SECRET AND TOP SECRET). So it is certainly useful beyond passwords. As Justin said, passwords are best stored as hashes unless you have... read more »
-
Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption
Posted on Aug 9, 2011 at 11:19 AM
@Ben, you may want to modify your code sample to use the uppercase. Just so others don't have similar issues.... read more »
-
Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption
Posted on Aug 9, 2011 at 11:10 AM
@CD, In your generateSecretKey() call, try changing it to an uppercase AES: generateSecretKey("AES"). I saw it reported a few weeks ago that, at least on some systems, that if you use lower case AES that you get a 256-bit key instead of a 128-bit key, and if you do not h... read more »
-
Jason Dean Tells Me To Use AES (Advanced Encryption Standard) Encryption
Posted on Aug 9, 2011 at 10:39 AM
Awesome post Ben. Good work, and I am glad I am helping. A couple minor corrections. "... you will also have to persist the secret key used to encrypt it. This is typically done in a database" Careful with that advice. All too often people make the mistake of storing... read more »
-
At cf.Objective() 2012 Jason Dean Is Going Down!
Posted on May 18, 2011 at 11:10 PM
Why am I not surprised that you have been making pottery instead of training. ;) You'll be scrapbooking next. Let me know when you finish your cf.Objective() 2011 Scrapbook of Shame. I will order a copy.... read more »
-
At cf.Objective() 2012 Jason Dean Is Going Down!
Posted on May 16, 2011 at 10:50 AM
Since I have been simultaneously promoted to villain and demoted to underdog in this post, I will gladly: - Bet against Ben in the 2012 match - Auction off Ben's arm on eBay after I separate it from his body In both cases, I will use the money for evil... read more »
-
At cf.Objective() 2012 Jason Dean Is Going Down!
Posted on May 16, 2011 at 10:36 AM
Wow, the apologists just start pouring out don't they?... read more »
-
At cf.Objective() 2012 Jason Dean Is Going Down!
Posted on May 15, 2011 at 5:50 PM
I'll be on a steady diet of jelly beans, comic books, and reruns of The Ghost Whisperer... read more »
-
At cf.Objective() 2012 Jason Dean Is Going Down!
Posted on May 15, 2011 at 5:24 PM
In 2012, it's going to get real!! Bring it baby!! Tell you what... winner takes Simon Free to do with as he will.... read more »
-
Ode To ColdFusion On Valentine's Day
Posted on Feb 14, 2011 at 10:30 AM
Awesome. Well done. Roberto's comment needs to be deleted though.... read more »
-
A New Wrist Pain
Posted on Oct 7, 2010 at 11:10 PM
OMG, I can't believe I am still getting notification of comments on this thread. And, of course, it is the same old, tired fallacious logic, impossible-to-back-up claims, and arguments that completely miss the point. I've said what I am going to say, some of you people are going to b... read more »
-
Escaping Form Values - Understanding The ColdFusion htmlEditFormat() Life Cycle
Posted on Sep 4, 2010 at 12:06 AM
Great post Ben. I agree with Rick. There really is no reason not to use XMLFormat() over HTMLEditFormat() and there is a situation where you actually need the protection of XMLFormat(), because it escapes single quotes. When using untrusted input inside of HTML attribute values that... read more »
-
Manipulating Session Cookies In Application.cfc's Pseudo Constructor Triggers New Session Creation
Posted on Apr 15, 2010 at 10:06 PM
Now it makes more sense. I didn't realize it would grab the App.cfc path and not the path of the template that is the final destination. Clearly I did not try it :) Thanks for clearing that up. I always wondered if I was being silly by just uniquely naming my apps.... read more »
-
Manipulating Session Cookies In Application.cfc's Pseudo Constructor Triggers New Session Creation
Posted on Apr 15, 2010 at 9:43 PM
@ben, Using something like <cfset this.name = hash(getCurrentTemplatePath()) /> or <cfset this.name = createUUID() /> has always confused me. I see people do it but I am not sure why. It seems like it should cause problems. Here are my thoughts. I believe it was you w... read more »
-
A New Wrist Pain
Posted on Mar 21, 2010 at 11:13 AM
@chiropractor suwanee, Spoken like someone trying to sell something. Other than for minor, temporary relief from some back pain, chiropractic treatment is nothing but placebo effect and quackery. Chiropractic "medicine" practitioners, just like those from acupuncture and other p... read more »
-
Clearing The Session Scope Does Not End Your ColdFusion Session
Posted on Feb 11, 2010 at 3:24 PM
@David CFTracker is very cool. I just downloaded it and was playing around. You have definitely figured out how to do something that I have been trying to do for a long time. It seems that you can, in fact, expire ColdFusion sessions with setMaxInactiveInterval(1). That is awesome.... read more »



