tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Varley, Roger" <Roger.Var...@atosorigin.com>
Subject RE: Question for Tomcat Developers - How to Plug In Encryption for JDBC passwords
Date Mon, 28 Feb 2005 09:34:02 GMT
> 
> If I can see your encrypted passwords, then I can see the 
> code that decrypts 
> them. And with that I have your passwords. It only adds a 
> step to my effort 
> to crack your security.
> 

Is that strictly true? If you use the method that is used to encrypt Unix passwords (google
for JCrypt for an implementation) then isn't this a one-way hash and you can't decrypt the
passwords by reversing the algorithmn?

Regards
Roger


__________________________________________________________________________
This e-mail and the documents attached are confidential and intended 
solely for the addressee; it may also be privileged. If you receive this 
e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos Origin group 
liability cannot be triggered for the message content. Although the 
sender endeavours to maintain a computer virus-free network, the sender 
does not warrant that this transmission is virus-free and will not be 
liable for any damages resulting from any virus transmitted.
__________________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message