tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harish Prabandham <Harish.Praband...@Eng.Sun.COM>
Subject Re: [VOTE] Short Term Plan: Add Security Management Capabilities to Tomc
Date Sat, 16 Oct 1999 14:36:12 GMT
Any one way hash algorithm is good enough. The point that James was
making was to use the MD5 algorithm that every JDK ships with....


Harish

Ben Laurie wrote:

> James Davidson wrote:
> > What about using java.security.MessageDigest with SHA-1 or MD5? It's in JDK
> > 1.1. It's got to be better than crypt... :) And, you don't ever need the
> > password back out, you just need to compare. Just a thought.
>
> crypt() doesn't give you the password back out. But anyway you are right
> that SHA-1 or MD5 HMACs are better. SHA-1 is mostly considered best,
> these days.
>
> Cheers,
>
> Ben.
>
> --
> http://www.apache-ssl.org/ben.html
>
> "My grandfather once told me that there are two kinds of people: those
> who work and those who take the credit. He told me to try to be in the
> first group; there was less competition there."
>      - Indira Gandhi
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message