HASH  
Description

Converts a variable-length string to a fixed-length string that can act as a "fingerprint" or unique identifier for the original string. It is not possible to convert the hash result back to the source string.

 
Returns

A string.

 
Category

Conversion functions, Security functions, String functions

 
Function syntax
Hash(string[, algorithm[, encoding]] )
 
History

ColdFusion MX 7: Added the algorithm and encoding parameters.

 
Parameters

 
Usage

The result of this function is useful for comparison and validation. For example, you can store the hash of a password in a database without exposing the password. You can check the validity of the password by hashing the entered password and comparing the result with the hashed password in the database.

ColdFusion MX 7 uses the Java Cryptography Extension (JCE) and installs a Sun Java 1.4.2 runtime that includes the Sun JCE default security provider. This provider includes the algorithms listed in the Parameters section. The JCE framework includes facilities for using other provider implementations; however, Macromedia cannot provide technical support for third-party security providers.

The encoding attrbute is normally not required. It provides a mechanism for generating identical hash values on systems with different default encodings. ColdFusion uses a default encoding of UTF-8 unless you modify the defaultCharset entry in the neo-runtime.xml file.

 
Example

The following example lets you enter a password and compares the hashed password with a hash value saved in the SecureData table of the cfdocexamples database. This table has the following three entries:

   

12

abc

14

def

15

ghi

 

<h3>Hash Example</h3>

<!--- Do the following if the form is submitted. --->
<cfif IsDefined("Form.UserID")>

   <!--- query the data base. ---> 
   <cfquery name = "CheckPerson" datasource = "cfdocexamples">
      SELECT PasswordHash
      FROM SecureData
      WHERE UserID = <cfqueryparam value = "#Form.userID#"
         cfsqltype = "CF_SQL_CHARVAR"> 
   </cfquery>

   <!--- Compare query PasswordHash field and the hashed form password
         and display the results. --->
   <cfoutput>
      <cfif Hash(Form.password, "SHA") is not checkperson.passwordHash>
         User ID #Form.userID# or password is not valid. Try again.
      <cfelse>
         Password is valid for User ID #Form.userID#.
      </cfif>
   </cfoutput>
</cfif>

<!--- Form for entering ID and password. --->
<form action="#CGI.SCRIPT_NAME#" method="post">
   <b>User ID: </b>
   <input type = "text" name="UserID" ><br>
   <b>Password: </b>
   <input type = "text" name="password" ><br><br>
   <input type = "Submit" value = "Encrypt my String">
</form>

String to hash.

STRING  

(Optional) The algorithm to use to hash the string. ColdFusion MX installs a cryptography library with the following algorithms:

If you install a security provider with additional cryptography algorithms, you can also specify any of its hashing algorithms.

ALGORITHM  

(Optional; to use this attribute you must also specify the algorithm parameter) A string specifying the encoding to use when converting the string to byte data used by the hash algorithm. Must be a character encoding name recognized by the Java runtime. The default value is the value specified by the defaultCharset entry in the neo-runtime.xml file, which is normally UTF-8. Ignored when using the CFMX_COMPAT algorithm.

ENCODING