From user-return-21134-archive-asf-public=cust-asf.ponee.io@openmeetings.apache.org Sat Apr 18 01:31:44 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 3530D180647 for ; Sat, 18 Apr 2020 03:31:44 +0200 (CEST) Received: (qmail 44684 invoked by uid 500); 18 Apr 2020 01:31:43 -0000 Mailing-List: contact user-help@openmeetings.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@openmeetings.apache.org Delivered-To: mailing list user@openmeetings.apache.org Received: (qmail 44674 invoked by uid 99); 18 Apr 2020 01:31:43 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Apr 2020 01:31:43 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id C965BC0350 for ; Sat, 18 Apr 2020 01:31:42 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.07 X-Spam-Level: X-Spam-Status: No, score=-0.07 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, HTML_MESSAGE=0.2, KAM_NUMSUBJECT=0.5, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.821, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id l47cq-lXcXI1 for ; Sat, 18 Apr 2020 01:31:41 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.208.170; helo=mail-lj1-f170.google.com; envelope-from=solomax666@gmail.com; receiver= Received: from mail-lj1-f170.google.com (mail-lj1-f170.google.com [209.85.208.170]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 0CF39BB9A1 for ; Sat, 18 Apr 2020 01:31:41 +0000 (UTC) Received: by mail-lj1-f170.google.com with SMTP id z26so3911210ljz.11 for ; Fri, 17 Apr 2020 18:31:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=LLpeUIqwll8M6Ck/hsfoOEhx1LZFljLKK7L3ITdGTlE=; b=PYQ1SXmxz7RBtHuqE074lz3++CroCk2tdVepxbaczyVDcqG/VJ0Lt53JJP+hClAHM/ G1GqqXn5IZaTMGpAfiHX52mwhLT2XUVKUvz4n/AUwJgXZwQnIH0UV+Jadik6B5QECeeo gg4b4syCtda/9yqy+aP0O400jXowTbBhj4+bHFABBCaEeEjmstWu1wbnedtJT2KvGt2B lgM3Z5q+OTrzE+tadrhw9I5G9RzQgqMaDiE+qf2Vu7hgV4KbC6jETAYAnIXRqx2FKME3 rX0sHQoYm453OG9qBb9EqS/syPAoyAfW3GxryzMRjMG9An0nceKqusXIfgrXzKf9VEaJ YoBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=LLpeUIqwll8M6Ck/hsfoOEhx1LZFljLKK7L3ITdGTlE=; b=fh7A/EdHE9TqACYJuzOQkntt3ezCZ3iukWKWJkQHqhrGvWf0Ci6pROcIVxAxBgAAl8 i9Lr0U9UhFS+HbGvclCdo/HFqFrWejw8I9Va4+pwBih8qdXzQKfulBFVrhxrRtO0qF/W nm7AmT1mnrPCqtbOx6p2OCBB8jpDagx6rWix9WzXqsCh5UT6d+igln9OMmmlELsyb8X4 LT9H16yvp8RNc80x6yjmL9TOW2gqVu0VdaZepKng8xKSavxypj5XHTMioWMwkq0HyRpK jENBoo0R4Sm/gNpAMEImeboE5teVJBvHneaFWptKgmaeKS/KCp9kI1aSbDyYrN+2frcc xebQ== X-Gm-Message-State: AGi0PuYgZgNebb9eY+Xmwrja+HBplgoGx+k33dfs5z0Q0DnE3UxClSjI 9QJtdyNRDYjeAyPF0VDS6GJZshSfLqnCXjD+zORwntH7 X-Google-Smtp-Source: APiQypKsP6Y2IUnoT2knfmUSEFFa7o0SP+TL86bjarU/4Yu55mnCZTwqc+dl1i2DisUNv5TtjcQ0szFI+KZ4Y83OcnU= X-Received: by 2002:a05:651c:50a:: with SMTP id o10mr3409219ljp.163.1587173494115; Fri, 17 Apr 2020 18:31:34 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Maxim Solodovnik Date: Sat, 18 Apr 2020 08:31:22 +0700 Message-ID: Subject: Re: change password encoding MD5 To: Openmeetings user-list Content-Type: multipart/alternative; boundary="0000000000005053c905a386a0a6" --0000000000005053c905a386a0a6 Content-Type: text/plain; charset="UTF-8" I can create example project for this (please ping me if i will be too silent) According to MD5 as password hash function: this is bad idea https://security.stackexchange.com/questions/52461/how-weak-is-md5-as-a-password-hashing-function On Sat, 18 Apr 2020 at 02:42, K. Kamhamea wrote: > OMG. I'm not experienced with Java. We are doing python mostly and > Javascript and rarely some C++ but never Java. > > I tried to compile your MD5implementation file > > https://github.com/apache/openmeetings/blob/5.0.0-M3/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java > but it failed because of missing dependencies. It probably requires the > whole source of the project being downloaded and properly installed. > So for the moment I decided I wouldn't spend my time to test all this I'm > just going to copy your detailed instruction into the Manual. > > The reason why I was so interested in this topic is because of > compatibility problems. I haven't found yet a python encryption library > that is compatible. By contrast, MD5 is a standard that is widely used. > > Thank you again so much for your help > K. > > > > Am Fr., 17. Apr. 2020 um 16:15 Uhr schrieb Maxim Solodovnik < > solomax666@gmail.com>: > >> >> >> On Fri, 17 Apr 2020 at 18:54, K. Kamhamea >> wrote: >> >>> I was just about testing other encryption methods as described >>> https://openmeetings.apache.org/CustomCryptMechanism.html >>> >> >> I doubt anyone ever try this :) >> >> >>> >>> Here I run into the following undocumented problems >>> 1. Where to copy the MD5Implementation.java >>> >>> file into my file system >>> >> >> This is basic JAVA question :) >> Java programs need to be compiled >> i.e. After you have created class (which MUST implement interface) you >> need to >> 1) compile this class >> 2) Pack into JAR file >> 3) Put jar to webapps/openmeetings/WEB-INF/lib >> >> >>> 2. How to set the CLASSPATH so that it can be found anywhere in my >>> filesystem >>> >> >> jars from webapps/openmeetings/WEB-INF/lib are being loaded automatically >> >> >>> 3. What is actually the text string to be added into the configuration >>> variable " crypt.class.name " >>> >> >> In JAVA classes are usually being created in packages (to resolve >> possible name clashes) >> so You need to write something like: >> >> package com.googlemail.kamhamea; >> >> public class MySecureCryptProvider implements ICrypt { >> ........your secure algorithm here .......... >> } >> >> In config value you should write: >> "com.googlemail.kamhamea.MySecureCryptProvider" >> >> >> >>> Alternatively I tried this class >>> >>> http://openmeetings.apache.org/openmeetings-util/apidocs/org/apache/openmeetings/util/crypt/MD5.html >>> >>> But changing the configuration variable to " >>> org.apache.openmeetings.util.crypt.MD5 " creates but an error. >>> >> >> >> https://github.com/apache/openmeetings/blob/5.0.0-M3/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java >> Can't be used due to it doesn't implements ICrypt >> >> >> >>> >>> Best K. >>> >> >> >> -- >> Best regards, >> Maxim >> > -- Best regards, Maxim --0000000000005053c905a386a0a6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I can create example project for this (please ping me if i= will be too silent)

According to MD5 as password hash f= unction: this is bad idea

On Sat, 18 Apr 2020 at 02:42, K. Kamhamea &= lt;kamhamea@googlemail.com&g= t; wrote:
OMG. I'm not experienced with Java. We= are doing python mostly and Javascript and rarely some C++ but never Java.=

I tried to compile your MD5implementation file
but it failed because of missing= dependencies. It probably requires the whole source of the project being d= ownloaded and properly installed.
So for the moment I decide= d I wouldn't spend my time to test all this I'm just going to copy = your detailed instruction into the Manual.

The rea= son why I was so interested in this topic is because of compatibility probl= ems. I haven't found yet a python encryption library that is compatible= . By contrast, MD5 is a standard that is widely used.

<= div>Thank you again so much for your help
K.



Am Fr., 17. Apr. 2020 um 16:15=C2=A0Uhr schrieb M= axim Solodovnik <solomax666@gmail.com>:


On Fri, 17 Apr 2020 = at 18:54, K. Kamhamea <kamhamea@googlemail.com> wrote:
I was just about t= esting other encryption methods as described

I doubt anyone ever try this :)
=C2= =A0

Here I run into the following undocumented problems
1. Where to copy the=20 MD5Implementation.ja= va file into my file system

This is basic JAVA question :)
Java programs need to be compiled=
i.e. After you have created class (which MUST implement interfac= e) you need to=C2=A0
1) compile this class
2) Pack into= JAR file
3) Put jar to webapps/openmeetings/WEB-INF/lib
=C2=A0
2. How to set the CLASSPATH so that it can be found anywhere in = my filesystem

jars from=C2=A0we= bapps/openmeetings/WEB-INF/lib are being loaded automatically
=C2= =A0
3. What is actually the text string to be added into the configuratio= n variable " crypt.class.nam= e "

In JAVA classes are usua= lly being created in packages (to resolve possible name clashes)
= so You need to write something like:

package=C2=A0= com.googlemail.kamhamea;

public class MySecureCryp= tProvider implements ICrypt {
=C2=A0 =C2=A0........your secure al= gorithm here ..........
}

In config valu= e you should write: "com.googlemail.kamhamea.MySecureCryptProvider&quo= t;



Alternatively I tried thi= s class

But changing the= configuration variable to " org.apache.openmeetings.util.crypt.MD5 " creates but an error.

https://github.com/apache/openmeetings/blob/5.0.0-M3/openmeetings-ut= il/src/main/java/org/apache/openmeetings/util/crypt/MD5.java
<= div>Can't be used due to it doesn't implements=C2=A0ICrypt

=C2=A0

Best K.


--
Best regards,
Maxim


--
Best regards,
Maxim
--0000000000005053c905a386a0a6--