tomcat-users mailing list archives

From Rogério Meneguelli Gatto <ga...@softdes.com.br>
Subject Re: Password encryption
Date Fri, 06 Oct 2000 13:12:16 GMT
And yet one more...

Kitching, when I ran across this problem some time ago, we decided to translate
FreeBSD C algorithms to Java: they are just iterations on MD5 or SHA1, both
already available in Java.  By the way, you can get C sources from their CVS at
http://www.freebsd.org, and licensing won't be an issue.

[]'s
Rogério Gatto

Kitching Simon wrote:
> 
> hey, what a lot of replies this one is getting, considering it isn't about
> tomcat!
> 
> Well, here's one more..
> 
> I had exactly the same issue as you: needed to store passwords in a database
> but didn't want to store plain-text. In addition, I wanted an encryption
> function that could be run from both C and Java, generating the same result.
> As I couldn't find free MD5 or SHA for both languages, I rolled my own
> (attached).
> 
> It certainly isn't "cryptographically strong", but is good enough for
> internal use.
> As you say, if anyone gets sufficient access to the system to read these
> passwords, there are far worse things they could do than try to crack them.
> 
> The output of the encode function is guaranteed to be plain text, exactly 8
> chars long (settable), ie quite suitable for inserting into a database field.
> 
> Please excuse the non-javadoc comments; I've never had enough spare time
> to learn javadoc. (shows my c++ background :-)
> 
> Cheers,
> 
> Simon
> 
>  <<Encryptor.java>>
> 
> > -----Original Message-----
> > From: Alistair Hopkins [SMTP:alistair@berthengron.co.uk]
> > Sent: Thursday, October 05, 2000 2:04 PM
> > To:   tomcat-user@jakarta.apache.org
> > Subject:      Password encryption
> >
> > Slightly off subject...
> >
> > I'm storing passwords for the site in my db.
> >
> > I'd like to encrypt them before writing to the db and after reading, so
> > they're not stored on disk in plain text.
> >
> > Can anyone recommend a simple java one-hit encryption method that will
> > protect them from casual pinching?  Something like unix crypt, I guess.
> >
> > I don't want/haven't the spare processing power to learn up on the javax
> > ssl package, as if anybody malicious is in my database it's not really
> > going to help much anyway...
> >
> > Thanks,
> > Alistair.
> 
>   -------------------------------------------------------------------------------
>                      Name: Encryptor.java
>    Encryptor.java    Type: Java File (application/x-unknown-content-type-JDeveloper.JavaFile)
>                  Encoding: quoted-printable
