ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Donald <dona...@mad.scientist.com>
Subject Re: Password storage (was Re: FTP & JSPC)
Date Wed, 02 Aug 2000 00:41:48 GMT
At 12:54  1/8/00 -0700, you wrote:
>But if you are paranoid then the java.security.Keystore class is the place
>to start -except it is a Java1.2 feature (and security changed again in
>java1.3) . So doing sophisticated password protection is going to be tricky
>across all ant supported platforms. Also I dont know how well the keystore
>really encrypts stuff, especially in exported JVMs.

It doesn't really encrypt anything. Most of it can be read via a hex editor
and the other bit (private keys) are likely protected by same passwd as
general keystore which can be easily found or alternatively you just do a
brute forces search and brake it. Should take all of 40 mins in JKS
.keystore files :/


Cheers,

Pete

*------------------------------------------------------*
| "Nearly all men can stand adversity, but if you want |
| to test a man's character, give him power."          |
|       -Abraham Lincoln                               |
*------------------------------------------------------*

Mime
View raw message