W3C home > Mailing lists > Public > www-jigsaw@w3.org > November to December 2005

Re: Search how to crypt the authentification

From: CLOUD <cloud@madpowah.org>
Date: Fri, 09 Dec 2005 10:42:41 +0100
Message-ID: <43995191.3010007@madpowah.org>
To: Yves Lafon <ylafon@w3.org>
CC: Nitesh <nitesh.gulati@gmail.com>, "'e.l. seielstad'" <elseielstad@yahoo.com>, www-jigsaw@w3.org

Thanks, first I'm going to work to a SSL connection and after if I have
time I'm trying to crypt pass in the text files but in fact it's not the
principal matter.
					Rémi Laurent.

Yves Lafon wrote:
> 
> On Thu, 8 Dec 2005, Nitesh wrote:
> 
>>
>> I'm not quite sure if I still understand your problem well enough.
>>
>> Anyway, see if this helps:
>> http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html
>>
>> Lastly, I recommend Hashing for passwords used in internet applications!
>>
>> Let me know if it helps or if you need more related info! Good Luck!
> 
> 
> Bear in mind that Basic auth in HTTP use login password in clear text
> (well, base64 encoded for that matters but still), in that case it is
> easy to store locally in md5 but as all that is required is to sniff the
> network...
> For Digest auth, a part of the hash requires the passwd in clear text on
> both side
> A1       = unq(username-value) ":" unq(realm-value) ":" passwd
> 
>> -----Original Message-----
>> From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On
>> Behalf
>> Of CLOUD
>> Sent: Thursday, December 08, 2005 9:48 PM
>> To: e.l. seielstad
>> Cc: www-jigsaw@w3.org
>> Subject: Re: Search how to crypt the authentification
>>
>>
>> e.l. seielstad wrote:
>>
>>>     I think the original request involves creating a way to encrypt  the
>>
>> admin password (and user passwords) stored in the authentication  files..
>>
>>>
>>>      .../Jigsaw/config/auth/*.db files contain clear-text  versions of
>>
>> user names and  passwords for the jigsaw server.
>>
>>>
>>>           --erik.
>>>
>>>
>>> Nitesh <nitesh.gulati@gmail.com> wrote:
>>> I don't understand! Where is encryption in the entire deal?
>>>
>>> Wait... are you saying that you are trying to encrypt the password in in
>>> setPassword() before setString() & are getting same result when
>>> encrypting
>>> different words?
>>>
>>> -----Original Message-----
>>> From: www-jigsaw-request@w3.org [mailto:www-jigsaw-request@w3.org] On
>>
>> Behalf
>>
>>> Of CLOUD
>>> Sent: Thursday, December 08, 2005 6:22 PM
>>> To: William Cai
>>> Cc: www-jigsaw@w3.org
>>> Subject: Re: Search how to crypt the authentification
>>>
>>>
>>> William Cai wrote:
>>>
>>>> Usually we calculate MD5 sum of password and store the MD5 sum. Does
>>>> that make sense?
>>>>
>>>> On Wed, 2005-12-07 at 23:15 +0100, CLOUD wrote:
>>>>
>>>>
>>>>
>>>>> Hi.
>>>>>
>>>>> I search how i can crypt the password of admin and users. I try to
>>>>> find
>>>>> the good class to change it but without success.
>>>>> Someone can help me ?
>>>>>
>>>>> Thanks
>>>>
>>>>
>>>>
>>> Thanks for your answer.
>>>
>>> I don't want the algorithm but the class which stores the pass in the
>>> xml file and the class which auth the user when he wants to modify data,
>>> to add an algorithm.I've tried with the class
>>> org.w3c.jigsaw.auth.AuthUser.java but without success . I thought it can
>>> be :
>>>
>>>  /**
>>>      * Get the user password.
>>>      */
>>>
>>>     public String getPassword() {
>>>  return (String) getValue(ATTR_PASSWORD, null) ;
>>>     }
>>>
>>>     /**
>>>      * Set a new password for this user.
>>>      * @param passwd The new user's password.
>>>      */
>>>
>>>     public void setPassword(String passwd) {
>>>  setString(ATTR_PASSWORD, passwd);
>>>     }
>>>
>>> but if I change passwd in setPassword()  before the setString, there is
>>> no change...
>>>
>>> Thanks for your interest.
>>>      Rémi Laurent
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------
>>> Yahoo! Shopping
>>>  Find Great Deals on Holiday Gifts at Yahoo! Shopping
>>
>>
>> Yes erik has understandood my request. I want to encrypt this clear-text
>> password modifying classes and of course the same thing for the
>> authentication. But I don't find the classes to do its.
>>
>>                         Rémi Laurent
>>
>>
>>
> 
Received on Friday, 9 December 2005 09:42:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 9 April 2012 12:13:37 GMT