It looks like the ColdFusion Administrator password in the password.properties file is currently encrypted using SHA-1. Is there anyway to change this setting to say SHA-256?
Not that I'm aware of. But if someone can access that file, you have far more serious problems than the encryption for the password.
Dave Watts, CTO, Fig Leaf Software
No one can access that file (it is pretty much locked to the outside world, at least to my knowledge). I am just basically looking to see if ColdFusion "supports" the SHA-256 hash algorithm. I know the hash function supports SHA-256 and so forth; I am not sure if ColdFusion itself supports the SHA-256 hash algorithm (wherever it calculates a hash value).
Thanks!
The CF Administrator is just a CF application itself. When you say that the hash function supports SHA-256, that means that ColdFusion itself supports SHA-256. To the best of my knowledge, CF doesn't calculate hashes in any meaningful sense unless instructed to by a CF application.
Dave Watts, CTO, Fig Leaf Software
John, The encrypt function does not support SHA-256 as an algorithm because it is a hash algorithm not an encryption algorithm. The Hash function does support SHA-256, along with several others, see the docs: http://cfdocs.org/hash and http://cfdocs.org/encrypt
Not trying to be nitpicky, but there is a big difference between hashing a string and encrypting it, and that difference is that when you encrypt it you can get the original string back by decrypting. Hash algorithms are designed not to be reversible, which makes them good for storing passwords.
Peter,
It is another case of the fingers moving faster than the brain: SHA is a hash, not an encryption algorithm. I have a client that is moving toward the SHA-256 hash and I want to make sure ColdFusion supports it. We have code that uses the hash function, and the hash function does support SHA-256, so that is fine. I am just wondering if there is any other place in ColdFusion (such as password.properties, configuration, etc.) that uses a hash. If there is, I was wondering if there is a way to change it.
Thanks,
John
I guess I should reword my question.
Let's say for CFLDAP, if the AD server certificate is signed using the sha256RSA hash algorithm, does ColdFusion support it? I guess this question is more like a Java question, as the AD cert is imported using the Java keytool.
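The two questions in this thread (does hash() do SHA-256, and does the JVM under ColdFusion know the SHA-256 digest and the SHA256withRSA signature used on a certificate) can be answered directly from a CFML page. The following is an added example, not code from anyone in the thread; it assumes a ColdFusion version whose hash() accepts "SHA-256" and whose generateSecretKey() supports "AES", and it calls the static java.security.Security.getAlgorithms() method, which returns algorithm names in upper case.

```cfml
<cfscript>
// Constructed sample input for the demonstration.
plaintext = "correct horse battery staple";

// hash() is one-way: no key, nothing to decrypt. Output is uppercase hex by default.
sha1   = hash(plaintext, "SHA-1");   // 160-bit digest -> 40 hex characters
sha256 = hash(plaintext, "SHA-256"); // 256-bit digest -> 64 hex characters
writeOutput("SHA-1 hex length: " & len(sha1) & "<br>");
writeOutput("SHA-256 hex length: " & len(sha256) & "<br>");

// encrypt() is two-way: it needs a key, and decrypt() with the same key restores the input.
key        = generateSecretKey("AES");
ciphertext = encrypt(plaintext, key, "AES", "Base64");
roundTrip  = decrypt(ciphertext, key, "AES", "Base64");
writeOutput("decrypt() round-trip matches: " & (roundTrip EQ plaintext) & "<br>");

// Which digests and certificate-signature algorithms exist is decided by the JVM's
// security providers, not by ColdFusion. Ask the JVM directly (names come back uppercase).
security   = createObject("java", "java.security.Security");
digests    = security.getAlgorithms("MessageDigest");
signatures = security.getAlgorithms("Signature");
writeOutput("JVM has SHA-256 digest: " & digests.contains("SHA-256") & "<br>");
writeOutput("JVM has SHA256withRSA signature: " & signatures.contains("SHA256WITHRSA") & "<br>");
</cfscript>
```

If the last line reports true, the JVM can verify a sha256RSA-signed LDAP server certificate once that certificate (or its issuer) is in the keystore ColdFusion uses; the remaining question is only which keystore that is.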