tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Samuel Yuen <sy...@aquanet.com.br>
Subject Re: Password encryption
Date Mon, 09 Oct 2000 12:24:03 GMT

You can find implementation for MD5 and SHA in

http://www.cryptix.org/

Doesn't Sun also have implementation for those algorithms?

Samuel


Kitching Simon wrote:

> hey, what a lot of replies this one is getting, considering it isn't about
> tomcat!
>
> Well, here's one more..
>
> I had exactly the same issue as you: needed to store passwords in a database
> but didn't want to store plain-text. In addition, I wanted an encryption
> function that
> could be run from both c and java, generating the same result. As I couldn't
> find
> free MD5 or SHA for both languages, I rolled my own (attached).
>
> It certainly isn't "cryptographically strong", but is good enough for
> internal use.
> As you say, if anyone gets sufficient access to the system to read these
> passwords, there are far worse things they could do than try to crack them.
>
> The output of the encode function is guarunteed to be plain text, exactly 8
> chars
> long (settable), ie quite suitable for inserting into a database field.
>
> Please excuse the non-javadoc comments; I've never had enough spare time
> to learn javadoc. (shows my c++ background :-)
>
> Cheers,
>
> Simon
>
>  <<Encryptor.java>>
>
> > -----Original Message-----
> > From: Alistair Hopkins [SMTP:alistair@berthengron.co.uk]
> > Sent: Thursday, October 05, 2000 2:04 PM
> > To:   tomcat-user@jakarta.apache.org
> > Subject:      Password encryption
> >
> > Slightly off subject...
> >
> > I'm storing passwords for the site in my db.
> >
> > I'd like to encrypt them before writing to the db and after reading, so
> > they're not stored on disk in plain text.
> >
> > Can anyone recommend a simple java one-hit encryption method that will
> > protect them from casual pinching?  Something like unix crypt, I guess.
> >
> > I don't want/haven't the spare processing power to learn up on the javax
> > ssl package, as if anybody malicious is in my database it's not really
> > going to help much anyway...
> >
> > Thanks,
> > Alistair.
>
>   ------------------------------------------------------------------------
>                      Name: Encryptor.java
>    Encryptor.java    Type: Java Source (application/x-unknown-content-type-JBuilder.Java)
>                  Encoding: quoted-printable


Mime
View raw message