tomcat-users mailing list archives

From Kitching Simon <Simon.Kitch...@orange.ch>
Subject RE: Password encryption
Date Thu, 05 Oct 2000 16:29:47 GMT
Hey, what a lot of replies this one is getting, considering it isn't about
tomcat!

Well, here's one more..

I had exactly the same issue as you: needed to store passwords in a database
but didn't want to store plain-text. In addition, I wanted an encryption
function that could be run from both c and java, generating the same result.
As I couldn't find free MD5 or SHA for both languages, I rolled my own
(attached).

It certainly isn't "cryptographically strong", but is good enough for
internal use.
As you say, if anyone gets sufficient access to the system to read these
passwords, there are far worse things they could do than try to crack them.

The output of the encode function is guaranteed to be plain text, exactly 8
chars long (settable), i.e. quite suitable for inserting into a database field.

Please excuse the non-javadoc comments; I've never had enough spare time
to learn javadoc. (shows my c++ background :-)

Cheers,

Simon

 <<Encryptor.java>> 

> -----Original Message-----
> From:	Alistair Hopkins [SMTP:alistair@berthengron.co.uk]
> Sent:	Thursday, October 05, 2000 2:04 PM
> To:	tomcat-user@jakarta.apache.org
> Subject:	Password encryption
> 
> Slightly off subject...
> 
> I'm storing passwords for the site in my db.
> 
> I'd like to encrypt them before writing to the db and after reading, so 
> they're not stored on disk in plain text.
> 
> Can anyone recommend a simple java one-hit encryption method that will 
> protect them from casual pinching?  Something like unix crypt, I guess.
> 
> I don't want/haven't the spare processing power to learn up on the javax 
> ssl package, as if anybody malicious is in my database it's not really 
> going to help much anyway...
> 
> Thanks,
> Alistair.
