W3C home > Mailing lists > Public > www-jigsaw@w3.org > November to December 2005

Re: Search how to crypt the authentification

From: CLOUD <cloud@madpowah.org>
Date: Thu, 08 Dec 2005 18:20:14 +0100
Message-ID: <43986B4E.4030105@madpowah.org>
To: Nitesh <nitesh.gulati@gmail.com>
CC: "'e.l. seielstad'" <elseielstad@yahoo.com>, www-jigsaw@w3.org

Nitesh wrote:
> I'm not quite sure if I still understand your problem well enough.
> 
> Anyway, see if this helps:
> http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
> 
> Lastly, I recommend Hashing for passwords used in internet applications!
> 
> Let me know if it helps or if you need more related info! Good Luck!
> 
> ciao!!!
> 
> -nitesh
> 
> -----Original Message-----
> From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On Behalf
> Of CLOUD
> Sent: Thursday, December 08, 2005 9:48 PM
> To: e.l. seielstad
> Cc: www-jigsaw@w3.org
> Subject: Re: Search how to crypt the authentification
> 
> 
> e.l. seielstad wrote:
> 
>>    I think the original request involves creating a way to encrypt  the
> 
> admin password (and user passwords) stored in the authentication  files..
> 
>>  
>>     .../Jigsaw/config/auth/*.db files contain clear-text  versions of
> 
> user names and  passwords for the jigsaw server.
> 
>>  
>>          --erik.
>>    
>>
>>Nitesh <nitesh.gulati@gmail.com> wrote:  
>>I don't understand! Where is encryption in the entire deal?
>>
>>Wait... are you saying that you are trying to encrypt the password in in
>>setPassword() before setString() & are getting same result when encrypting
>>different words?
>>
>>-----Original Message-----
>>From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On
> 
> Behalf
> 
>>Of CLOUD
>>Sent: Thursday, December 08, 2005 6:22 PM
>>To: William Cai
>>Cc: www-jigsaw@w3.org
>>Subject: Re: Search how to crypt the authentification
>>
>>
>>William Cai wrote:
>>
>>
>>>Usually we calculate MD5 sum of password and store the MD5 sum. Does
>>>that make sense?
>>>
>>>On Wed, 2005-12-07 at 23:15 +0100, CLOUD wrote:
>>>
>>>
>>>
>>>
>>>>Hi.
>>>>
>>>>I search how i can crypt the password of admin and users. I try to
>>>>find
>>>>the good class to change it but without success.
>>>>Someone can help me ?
>>>>
>>>>Thanks 
>>>
>>>
>>Thanks for your answer.
>>
>>I don't want the algorithm but the class which stores the pass in the
>>xml file and the class which auth the user when he wants to modify data,
>>to add an algorithm.I've tried with the class
>>org.w3c.jigsaw.auth.AuthUser.java but without success . I thought it can
>>be :
>>
>> /**
>>     * Get the user password.
>>     */
>>
>>    public String getPassword() {
>> return (String) getValue(ATTR_PASSWORD, null) ;
>>    }
>>
>>    /**
>>     * Set a new password for this user.
>>     * @param passwd The new user's password.
>>     */
>>
>>    public void setPassword(String passwd) {
>> setString(ATTR_PASSWORD, passwd);
>>    }
>>
>>but if I change passwd in setPassword()  before the setString, there is
>>no change...
>>
>>Thanks for your interest. 
>>     Rémi Laurent
>>
>>
>>
>>
>>
>>			
>>---------------------------------
>>Yahoo! Shopping
>> Find Great Deals on Holiday Gifts at Yahoo! Shopping 
> 
> 
> Yes erik has understandood my request. I want to encrypt this clear-text
> password modifying classes and of course the same thing for the
> authentication. But I don't find the classes to do its.
> 
> 						Rémi Laurent
> 
> 
> 
	My problem is not to choose the best algorithm but how apply it. I know
the Md5 class. It's just an algorithm like CRC32 or Base64 to crypt.
I'm student in security and I must apply one of this algorithm to the
user passwords of jigsaw which are write in clear-text and which
circulate clearly on the network.
	That's why I search the classes used when we add a user and when a user
need to be auth to crypt the password at this time with an easy
algorith. The goal is just to find the class to modify and how modify it
and not to choose the best algorithm to crypt the password.

Sorry if I don't explain very well my problem but thanks for your help.
Received on Thursday, 8 December 2005 17:20:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:37 GMT