openmeetings-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "K. Kamhamea" <kamha...@googlemail.com>
Subject Re: change password encoding MD5
Date Sat, 18 Apr 2020 11:44:18 GMT
You are right we should not invest to much time and efforts here. It is
rather a negligibility. I just want to keep the manual as detailed as
possible. But there are many other more pressing things to solve. I will
create a new thread for that.
K.

Am Sa., 18. Apr. 2020 um 03:31 Uhr schrieb Maxim Solodovnik <
solomax666@gmail.com>:

> I can create example project for this (please ping me if i will be too
> silent)
>
> According to MD5 as password hash function: this is bad idea
>
> https://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-password-hashing-function
>
> On Sat, 18 Apr 2020 at 02:42, K. Kamhamea <kamhamea@googlemail.com> wrote:
>
>> OMG. I'm not experienced with Java. We are doing python mostly and
>> Javascript and rarely some C++ but never Java.
>>
>> I tried to compile your MD5implementation file
>>
>> https://github.com/apache/openmeetings/blob/5.0.0-M3/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java
>> but it failed because of missing dependencies. It probably requires the
>> whole source of the project being downloaded and properly installed.
>> So for the moment I decided I wouldn't spend my time to test all this I'm
>> just going to copy your detailed instruction into the Manual.
>>
>> The reason why I was so interested in this topic is because of
>> compatibility problems. I haven't found yet a python encryption library
>> that is compatible. By contrast, MD5 is a standard that is widely used.
>>
>> Thank you again so much for your help
>> K.
>>
>>
>>
>> Am Fr., 17. Apr. 2020 um 16:15 Uhr schrieb Maxim Solodovnik <
>> solomax666@gmail.com>:
>>
>>>
>>>
>>> On Fri, 17 Apr 2020 at 18:54, K. Kamhamea <kamhamea@googlemail.com>
>>> wrote:
>>>
>>>> I was just about testing other encryption methods as described
>>>> https://openmeetings.apache.org/CustomCryptMechanism.html
>>>>
>>>
>>> I doubt anyone ever try this :)
>>>
>>>
>>>>
>>>> Here I run into the following undocumented problems
>>>> 1. Where to copy the MD5Implementation.java
>>>> <https://github.com/apache/openmeetings/blob/256e5cd11e5af8f422688dfc1d01ac66b370d7a0/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java>
>>>> file into my file system
>>>>
>>>
>>> This is basic JAVA question :)
>>> Java programs need to be compiled
>>> i.e. After you have created class (which MUST implement interface) you
>>> need to
>>> 1) compile this class
>>> 2) Pack into JAR file
>>> 3) Put jar to webapps/openmeetings/WEB-INF/lib
>>>
>>>
>>>> 2. How to set the CLASSPATH so that it can be found anywhere in my
>>>> filesystem
>>>>
>>>
>>> jars from webapps/openmeetings/WEB-INF/lib are being loaded automatically
>>>
>>>
>>>> 3. What is actually the text string to be added into the configuration
>>>> variable " crypt.class.name "
>>>>
>>>
>>> In JAVA classes are usually being created in packages (to resolve
>>> possible name clashes)
>>> so You need to write something like:
>>>
>>> package com.googlemail.kamhamea;
>>>
>>> public class MySecureCryptProvider implements ICrypt {
>>>    ........your secure algorithm here ..........
>>> }
>>>
>>> In config value you should write:
>>> "com.googlemail.kamhamea.MySecureCryptProvider"
>>>
>>>
>>>
>>>> Alternatively I tried this class
>>>>
>>>> http://openmeetings.apache.org/openmeetings-util/apidocs/org/apache/openmeetings/util/crypt/MD5.html
>>>>
>>>> But changing the configuration variable to "
>>>> org.apache.openmeetings.util.crypt.MD5 " creates but an error.
>>>>
>>>
>>>
>>> https://github.com/apache/openmeetings/blob/5.0.0-M3/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java
>>> Can't be used due to it doesn't implements ICrypt
>>>
>>>
>>>
>>>>
>>>> Best K.
>>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>
>
> --
> Best regards,
> Maxim
>

Mime
View raw message