W3C home > Mailing lists > Public > www-jigsaw@w3.org > November to December 2005

RE: Search how to crypt the authentification

From: Yves Lafon <ylafon@w3.org>
Date: Thu, 8 Dec 2005 19:37:37 +0100 (MET)
To: Nitesh <nitesh.gulati@gmail.com>
cc: "'CLOUD'" <cloud@madpowah.org>, "'e.l. seielstad'" <elseielstad@yahoo.com>, www-jigsaw@w3.org
Message-ID: <Pine.GSO.4.63.0512081921590.16514@gnenaghyn.vaevn.se>

On Thu, 8 Dec 2005, Nitesh wrote:

>
> I'm not quite sure if I still understand your problem well enough.
>
> Anyway, see if this helps:
> http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
>
> Lastly, I recommend Hashing for passwords used in internet applications!
>
> Let me know if it helps or if you need more related info! Good Luck!

Bear in mind that Basic auth in HTTP use login password in clear text 
(well, base64 encoded for that matters but still), in that case it is easy 
to store locally in md5 but as all that is required is to sniff the 
network...
For Digest auth, a part of the hash requires the passwd in clear text on 
both side
A1       = unq(username-value) ":" unq(realm-value) ":" passwd

> -----Original Message-----
> From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On Behalf
> Of CLOUD
> Sent: Thursday, December 08, 2005 9:48 PM
> To: e.l. seielstad
> Cc: www-jigsaw@w3.org
> Subject: Re: Search how to crypt the authentification
>
>
> e.l. seielstad wrote:
>>     I think the original request involves creating a way to encrypt  the
> admin password (and user passwords) stored in the authentication  files..
>>
>>      .../Jigsaw/config/auth/*.db files contain clear-text  versions of
> user names and  passwords for the jigsaw server.
>>
>>           --erik.
>>
>>
>> Nitesh <nitesh.gulati@gmail.com> wrote:
>> I don't understand! Where is encryption in the entire deal?
>>
>> Wait... are you saying that you are trying to encrypt the password in in
>> setPassword() before setString() & are getting same result when encrypting
>> different words?
>>
>> -----Original Message-----
>> From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On
> Behalf
>> Of CLOUD
>> Sent: Thursday, December 08, 2005 6:22 PM
>> To: William Cai
>> Cc: www-jigsaw@w3.org
>> Subject: Re: Search how to crypt the authentification
>>
>>
>> William Cai wrote:
>>
>>> Usually we calculate MD5 sum of password and store the MD5 sum. Does
>>> that make sense?
>>>
>>> On Wed, 2005-12-07 at 23:15 +0100, CLOUD wrote:
>>>
>>>
>>>
>>>> Hi.
>>>>
>>>> I search how i can crypt the password of admin and users. I try to
>>>> find
>>>> the good class to change it but without success.
>>>> Someone can help me ?
>>>>
>>>> Thanks
>>>
>>>
>> Thanks for your answer.
>>
>> I don't want the algorithm but the class which stores the pass in the
>> xml file and the class which auth the user when he wants to modify data,
>> to add an algorithm.I've tried with the class
>> org.w3c.jigsaw.auth.AuthUser.java but without success . I thought it can
>> be :
>>
>>  /**
>>      * Get the user password.
>>      */
>>
>>     public String getPassword() {
>>  return (String) getValue(ATTR_PASSWORD, null) ;
>>     }
>>
>>     /**
>>      * Set a new password for this user.
>>      * @param passwd The new user's password.
>>      */
>>
>>     public void setPassword(String passwd) {
>>  setString(ATTR_PASSWORD, passwd);
>>     }
>>
>> but if I change passwd in setPassword()  before the setString, there is
>> no change...
>>
>> Thanks for your interest.
>>      Rémi Laurent
>>
>>
>>
>>
>>
>>
>> ---------------------------------
>> Yahoo! Shopping
>>  Find Great Deals on Holiday Gifts at Yahoo! Shopping
>
> Yes erik has understandood my request. I want to encrypt this clear-text
> password modifying classes and of course the same thing for the
> authentication. But I don't find the classes to do its.
>
> 						Rémi Laurent
>
>
>

-- 
Yves Lafon - W3C
"Baroula que barouleras, au tiéu toujou t'entourneras."
Received on Thursday, 8 December 2005 18:38:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:37 GMT