You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@harmony.apache.org by Leo Li <li...@gmail.com> on 2007/09/04 11:31:02 UTC
[classlib][auth]Help to implement the "crypt" algorithm
Hi, all
Now I am looking at the implementation for JndiLoginModule which
is missing in current harmony class library.
But now I encounter a problem:
As spec says, according to RFC 2307[1], the password stored in
jndi directory is encoded by a crypto algorithm:
userPassword values MUST be represented by following syntax:
passwordvalue = schemeprefix encryptedpassword
schemeprefix = "{" scheme "}"
scheme = "crypt" / "md5" / "sha" / altscheme
altscheme = "x-" keystring
encryptedpassword = encrypted password
The encrypted password contains of a plaintext key hashed using the
algorithm scheme.
And currently, spec says it only acknowledge the "crypt" algorithm.
Besides, posix has such a system call as "crypt" which take the
responsibility[2]. But it lacks on windows.
So we had better implement the algorithm in java. But where is the
details of the algorithm? And I guess maybe we can borrow one from a
project which is under a licence compatible with apache. But where?
Is there any familiar with it?
Thanks.
[1]http://www.ietf.org/rfc/rfc2307.txt
[2]http://www.yiluda.net/manual/linux/man/crypt.html
--
Leo Li
China Software Development Lab, IBM
Re: [classlib][auth]Help to implement the "crypt" algorithm
Posted by Leo Li <li...@gmail.com>.
On 9/7/07, Yuri Dolgov <do...@gmail.com> wrote:
> Hi Leo,
>
> I wonder if got any results yet? Have you tried the solution suggested,
> were there any more troubles?
I think the approach is workable and I have started to write our own
crypt method. But excuse me, I am just occupied by other affairs.:)
And thank you again. I will contact with you if I encounter some trouble then.
>
> Thanks,
> Yuri
>
> On 9/5/07, Yuri Dolgov <do...@gmail.com> wrote:
> >
> > > The DES decode/encode function is focused on
> > >org.bouncycastle.crypto.engines.DESEngine and
> > >org.bouncycastle.crypto.modes.CBCBlockCipher, right?
> >
> > I'm not sure what do you mean here. Actually you shouldn't
> > bother about ciphering mode as you have only one block to
> > encipher, so modification of org.bouncycastle.crypto.engines.DESEngine
> > class will be enough.
> >
> > > And according to spec, the variation of crypt exists in expansion
> > >permutation. And this variation occurs in
> > >org.bouncycastle.crypto.engines.DESEngine.desFunction, right?That's
> > absolutely right. Actually you only need to permutate mentioned
> > in the paper bits (1-12 and 25-36) in every pair of elements in wKey[]
> > array.
> >
> > Please feel free to ask more question if something is unclear or you got
> > any trouble.
> >
> > Thanks,
> > Yuri
> >
> >
> >
> > On 9/5/07, Leo Li < liyilei1979@gmail.com> wrote:
> > >
> > > On 9/4/07, Yuri Dolgov < dolgov.g.yuri@gmail.com> wrote:
> > > > > Thank you, Yuri. The information you give is a lot help to me.
> > > > > The license is still a problem since actually the crypt
> > > > >implementation does not tell which license it belongs, so I am
> > > > >hesitating whether I am permitted to see the source code.:)
> > > >
> > > > O.k. that's not a problem, actually there is an free implementation of
> > > DES
> > > > in Bouncycastle, so we could easily modify it and make crypt()
> > > > implementation.
> > > > I could assist you if want to.
> > >
> > > Thank you, Yuri.
> > > Your help is precious to me.:)
> > >
> > > The DES decode/encode function is focused on
> > > org.bouncycastle.crypto.engines.DESEngine and
> > > org.bouncycastle.crypto.modes.CBCBlockCipher, right?
> > >
> > > And according to spec, the variation of crypt exists in expansion
> > > permutation. And this variation occurs in
> > > org.bouncycastle.crypto.engines.DESEngine.desFunction, right?
> > >
> > > Thanks, again.:)
> > >
> > >
> > > >
> > > > Thanks,
> > > > Yuri
> > > >
> > > >
> > > > On 9/4/07, Leo Li <liyilei1979@gmail.com > wrote:
> > > > >
> > > > > On 9/4/07, Yuri Dolgov <do...@gmail.com> wrote:
> > > > > > Hello Leo,
> > > > > >
> > > > > > "crypt" is really hashing algorithm based on widely known DES
> > > cipher.
> > > > > You
> > > > > > can find implementation algorithm description on [1] or
> > > implementation
> > > > > > details on [2]. crypt() algorithm slightly changes standard DES
> > > > > > implementation using additional permutation of the intermediate
> > > value,
> > > > > so
> > > > > > you have to have DES implementation to make it possible.
> > > > > > Actually there are number of known java implementations of crypt
> > > > > algorithm
> > > > > > (see [3]), but I haven't checked if they have appropriate
> > > licences.
> > > > > >
> > > > > > [1] http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
> > > > > > [2]
> > > http://davesource.com/Projects/DEStiny/Docs/Proposal/Proposal.rtf
> > > > > > [3] http://www.dynamic.net.au/christos/crypt/
> > > > >
> > > > > Thank you, Yuri. The information you give is a lot help to me.
> > > > > The license is still a problem since actually the crypt
> > > > > implementation does not tell which license it belongs, so I am
> > > > > hesitating whether I am permitted to see the source code.:)
> > > > >
> > > > > >
> > > > > > Thanks,
> > > > > > Yuri
> > > > > >
> > > > > > On 9/4/07, Leo Li <li...@gmail.com> wrote:
> > > > > > >
> > > > > > > Hi, all
> > > > > > > Now I am looking at the implementation for JndiLoginModule
> > > which
> > > > > > > is missing in current harmony class library.
> > > > > > > But now I encounter a problem:
> > > > > > > As spec says, according to RFC 2307[1], the password stored
> > > in
> > > > > > > jndi directory is encoded by a crypto algorithm:
> > > > > > >
> > > > > > > userPassword values MUST be represented by following
> > > syntax:
> > > > > > >
> > > > > > > passwordvalue = schemeprefix encryptedpassword
> > > > > > > schemeprefix = "{" scheme "}"
> > > > > > > scheme = "crypt" / "md5" / "sha" /
> > > altscheme
> > > > > > > altscheme = "x-" keystring
> > > > > > > encryptedpassword = encrypted password
> > > > > > >
> > > > > > > The encrypted password contains of a plaintext key hashed
> > > using the
> > > > > > > algorithm scheme.
> > > > > > >
> > > > > > > And currently, spec says it only acknowledge the "crypt"
> > > algorithm.
> > > > > > > Besides, posix has such a system call as "crypt" which take
> > > the
> > > > > > > responsibility[2]. But it lacks on windows.
> > > > > > > So we had better implement the algorithm in java. But where
> > > is the
> > > > > > > details of the algorithm? And I guess maybe we can borrow one
> > > from a
> > > > > > > project which is under a licence compatible with apache. But
> > > where?
> > > > > > > Is there any familiar with it?
> > > > > > > Thanks.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > [1]http://www.ietf.org/rfc/rfc2307.txt
> > > > > > > [2]http://www.yiluda.net/manual/linux/man/crypt.html
> > > > > > > --
> > > > > > > Leo Li
> > > > > > > China Software Development Lab, IBM
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Leo Li
> > > > > China Software Development Lab, IBM
> > > > >
> > > >
> > >
> > >
> > > --
> > > Leo Li
> > > China Software Development Lab, IBM
> > >
> >
> >
>
--
Leo Li
China Software Development Lab, IBM
Re: [classlib][auth]Help to implement the "crypt" algorithm
Posted by Yuri Dolgov <do...@gmail.com>.
Hi Leo,
I wonder if got any results yet? Have you tried the solution suggested,
were there any more troubles?
Thanks,
Yuri
On 9/5/07, Yuri Dolgov <do...@gmail.com> wrote:
>
> > The DES decode/encode function is focused on
> >org.bouncycastle.crypto.engines.DESEngine and
> >org.bouncycastle.crypto.modes.CBCBlockCipher, right?
>
> I'm not sure what do you mean here. Actually you shouldn't
> bother about ciphering mode as you have only one block to
> encipher, so modification of org.bouncycastle.crypto.engines.DESEngine
> class will be enough.
>
> > And according to spec, the variation of crypt exists in expansion
> >permutation. And this variation occurs in
> >org.bouncycastle.crypto.engines.DESEngine.desFunction, right?That's
> absolutely right. Actually you only need to permutate mentioned
> in the paper bits (1-12 and 25-36) in every pair of elements in wKey[]
> array.
>
> Please feel free to ask more question if something is unclear or you got
> any trouble.
>
> Thanks,
> Yuri
>
>
>
> On 9/5/07, Leo Li < liyilei1979@gmail.com> wrote:
> >
> > On 9/4/07, Yuri Dolgov < dolgov.g.yuri@gmail.com> wrote:
> > > > Thank you, Yuri. The information you give is a lot help to me.
> > > > The license is still a problem since actually the crypt
> > > >implementation does not tell which license it belongs, so I am
> > > >hesitating whether I am permitted to see the source code.:)
> > >
> > > O.k. that's not a problem, actually there is an free implementation of
> > DES
> > > in Bouncycastle, so we could easily modify it and make crypt()
> > > implementation.
> > > I could assist you if want to.
> >
> > Thank you, Yuri.
> > Your help is precious to me.:)
> >
> > The DES decode/encode function is focused on
> > org.bouncycastle.crypto.engines.DESEngine and
> > org.bouncycastle.crypto.modes.CBCBlockCipher, right?
> >
> > And according to spec, the variation of crypt exists in expansion
> > permutation. And this variation occurs in
> > org.bouncycastle.crypto.engines.DESEngine.desFunction, right?
> >
> > Thanks, again.:)
> >
> >
> > >
> > > Thanks,
> > > Yuri
> > >
> > >
> > > On 9/4/07, Leo Li <liyilei1979@gmail.com > wrote:
> > > >
> > > > On 9/4/07, Yuri Dolgov <do...@gmail.com> wrote:
> > > > > Hello Leo,
> > > > >
> > > > > "crypt" is really hashing algorithm based on widely known DES
> > cipher.
> > > > You
> > > > > can find implementation algorithm description on [1] or
> > implementation
> > > > > details on [2]. crypt() algorithm slightly changes standard DES
> > > > > implementation using additional permutation of the intermediate
> > value,
> > > > so
> > > > > you have to have DES implementation to make it possible.
> > > > > Actually there are number of known java implementations of crypt
> > > > algorithm
> > > > > (see [3]), but I haven't checked if they have appropriate
> > licences.
> > > > >
> > > > > [1] http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
> > > > > [2]
> > http://davesource.com/Projects/DEStiny/Docs/Proposal/Proposal.rtf
> > > > > [3] http://www.dynamic.net.au/christos/crypt/
> > > >
> > > > Thank you, Yuri. The information you give is a lot help to me.
> > > > The license is still a problem since actually the crypt
> > > > implementation does not tell which license it belongs, so I am
> > > > hesitating whether I am permitted to see the source code.:)
> > > >
> > > > >
> > > > > Thanks,
> > > > > Yuri
> > > > >
> > > > > On 9/4/07, Leo Li <li...@gmail.com> wrote:
> > > > > >
> > > > > > Hi, all
> > > > > > Now I am looking at the implementation for JndiLoginModule
> > which
> > > > > > is missing in current harmony class library.
> > > > > > But now I encounter a problem:
> > > > > > As spec says, according to RFC 2307[1], the password stored
> > in
> > > > > > jndi directory is encoded by a crypto algorithm:
> > > > > >
> > > > > > userPassword values MUST be represented by following
> > syntax:
> > > > > >
> > > > > > passwordvalue = schemeprefix encryptedpassword
> > > > > > schemeprefix = "{" scheme "}"
> > > > > > scheme = "crypt" / "md5" / "sha" /
> > altscheme
> > > > > > altscheme = "x-" keystring
> > > > > > encryptedpassword = encrypted password
> > > > > >
> > > > > > The encrypted password contains of a plaintext key hashed
> > using the
> > > > > > algorithm scheme.
> > > > > >
> > > > > > And currently, spec says it only acknowledge the "crypt"
> > algorithm.
> > > > > > Besides, posix has such a system call as "crypt" which take
> > the
> > > > > > responsibility[2]. But it lacks on windows.
> > > > > > So we had better implement the algorithm in java. But where
> > is the
> > > > > > details of the algorithm? And I guess maybe we can borrow one
> > from a
> > > > > > project which is under a licence compatible with apache. But
> > where?
> > > > > > Is there any familiar with it?
> > > > > > Thanks.
> > > > > >
> > > > > >
> > > > > >
> > > > > > [1]http://www.ietf.org/rfc/rfc2307.txt
> > > > > > [2]http://www.yiluda.net/manual/linux/man/crypt.html
> > > > > > --
> > > > > > Leo Li
> > > > > > China Software Development Lab, IBM
> > > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Leo Li
> > > > China Software Development Lab, IBM
> > > >
> > >
> >
> >
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>
>
Re: [classlib][auth]Help to implement the "crypt" algorithm
Posted by Yuri Dolgov <do...@gmail.com>.
> The DES decode/encode function is focused on
>org.bouncycastle.crypto.engines.DESEngine and
>org.bouncycastle.crypto.modes.CBCBlockCipher, right?
I'm not sure what do you mean here. Actually you shouldn't
bother about ciphering mode as you have only one block to
encipher, so modification of org.bouncycastle.crypto.engines.DESEngine
class will be enough.
> And according to spec, the variation of crypt exists in expansion
>permutation. And this variation occurs in
>org.bouncycastle.crypto.engines.DESEngine.desFunction, right?That's
absolutely right. Actually you only need to permutate mentioned
in the paper bits (1-12 and 25-36) in every pair of elements in wKey[]
array.
Please feel free to ask more question if something is unclear or you got any
trouble.
Thanks,
Yuri
On 9/5/07, Leo Li <li...@gmail.com> wrote:
>
> On 9/4/07, Yuri Dolgov <do...@gmail.com> wrote:
> > > Thank you, Yuri. The information you give is a lot help to me.
> > > The license is still a problem since actually the crypt
> > >implementation does not tell which license it belongs, so I am
> > >hesitating whether I am permitted to see the source code.:)
> >
> > O.k. that's not a problem, actually there is an free implementation of
> DES
> > in Bouncycastle, so we could easily modify it and make crypt()
> > implementation.
> > I could assist you if want to.
>
> Thank you, Yuri.
> Your help is precious to me.:)
>
> The DES decode/encode function is focused on
> org.bouncycastle.crypto.engines.DESEngine and
> org.bouncycastle.crypto.modes.CBCBlockCipher, right?
>
> And according to spec, the variation of crypt exists in expansion
> permutation. And this variation occurs in
> org.bouncycastle.crypto.engines.DESEngine.desFunction, right?
>
> Thanks, again.:)
>
>
> >
> > Thanks,
> > Yuri
> >
> >
> > On 9/4/07, Leo Li <li...@gmail.com> wrote:
> > >
> > > On 9/4/07, Yuri Dolgov <do...@gmail.com> wrote:
> > > > Hello Leo,
> > > >
> > > > "crypt" is really hashing algorithm based on widely known DES
> cipher.
> > > You
> > > > can find implementation algorithm description on [1] or
> implementation
> > > > details on [2]. crypt() algorithm slightly changes standard DES
> > > > implementation using additional permutation of the intermediate
> value,
> > > so
> > > > you have to have DES implementation to make it possible.
> > > > Actually there are number of known java implementations of crypt
> > > algorithm
> > > > (see [3]), but I haven't checked if they have appropriate licences.
> > > >
> > > > [1] http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
> > > > [2]
> http://davesource.com/Projects/DEStiny/Docs/Proposal/Proposal.rtf
> > > > [3] http://www.dynamic.net.au/christos/crypt/
> > >
> > > Thank you, Yuri. The information you give is a lot help to me.
> > > The license is still a problem since actually the crypt
> > > implementation does not tell which license it belongs, so I am
> > > hesitating whether I am permitted to see the source code.:)
> > >
> > > >
> > > > Thanks,
> > > > Yuri
> > > >
> > > > On 9/4/07, Leo Li <li...@gmail.com> wrote:
> > > > >
> > > > > Hi, all
> > > > > Now I am looking at the implementation for JndiLoginModule
> which
> > > > > is missing in current harmony class library.
> > > > > But now I encounter a problem:
> > > > > As spec says, according to RFC 2307[1], the password stored
> in
> > > > > jndi directory is encoded by a crypto algorithm:
> > > > >
> > > > > userPassword values MUST be represented by following syntax:
> > > > >
> > > > > passwordvalue = schemeprefix encryptedpassword
> > > > > schemeprefix = "{" scheme "}"
> > > > > scheme = "crypt" / "md5" / "sha" /
> altscheme
> > > > > altscheme = "x-" keystring
> > > > > encryptedpassword = encrypted password
> > > > >
> > > > > The encrypted password contains of a plaintext key hashed using
> the
> > > > > algorithm scheme.
> > > > >
> > > > > And currently, spec says it only acknowledge the "crypt"
> algorithm.
> > > > > Besides, posix has such a system call as "crypt" which take the
> > > > > responsibility[2]. But it lacks on windows.
> > > > > So we had better implement the algorithm in java. But where is
> the
> > > > > details of the algorithm? And I guess maybe we can borrow one from
> a
> > > > > project which is under a licence compatible with apache. But
> where?
> > > > > Is there any familiar with it?
> > > > > Thanks.
> > > > >
> > > > >
> > > > >
> > > > > [1]http://www.ietf.org/rfc/rfc2307.txt
> > > > > [2]http://www.yiluda.net/manual/linux/man/crypt.html
> > > > > --
> > > > > Leo Li
> > > > > China Software Development Lab, IBM
> > > > >
> > > >
> > >
> > >
> > > --
> > > Leo Li
> > > China Software Development Lab, IBM
> > >
> >
>
>
> --
> Leo Li
> China Software Development Lab, IBM
>
Re: [classlib][auth]Help to implement the "crypt" algorithm
Posted by Leo Li <li...@gmail.com>.
On 9/4/07, Yuri Dolgov <do...@gmail.com> wrote:
> > Thank you, Yuri. The information you give is a lot help to me.
> > The license is still a problem since actually the crypt
> >implementation does not tell which license it belongs, so I am
> >hesitating whether I am permitted to see the source code.:)
>
> O.k. that's not a problem, actually there is an free implementation of DES
> in Bouncycastle, so we could easily modify it and make crypt()
> implementation.
> I could assist you if want to.
Thank you, Yuri.
Your help is precious to me.:)
The DES decode/encode function is focused on
org.bouncycastle.crypto.engines.DESEngine and
org.bouncycastle.crypto.modes.CBCBlockCipher, right?
And according to spec, the variation of crypt exists in expansion
permutation. And this variation occurs in
org.bouncycastle.crypto.engines.DESEngine.desFunction, right?
Thanks, again.:)
>
> Thanks,
> Yuri
>
>
> On 9/4/07, Leo Li <li...@gmail.com> wrote:
> >
> > On 9/4/07, Yuri Dolgov <do...@gmail.com> wrote:
> > > Hello Leo,
> > >
> > > "crypt" is really hashing algorithm based on widely known DES cipher.
> > You
> > > can find implementation algorithm description on [1] or implementation
> > > details on [2]. crypt() algorithm slightly changes standard DES
> > > implementation using additional permutation of the intermediate value,
> > so
> > > you have to have DES implementation to make it possible.
> > > Actually there are number of known java implementations of crypt
> > algorithm
> > > (see [3]), but I haven't checked if they have appropriate licences.
> > >
> > > [1] http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
> > > [2] http://davesource.com/Projects/DEStiny/Docs/Proposal/Proposal.rtf
> > > [3] http://www.dynamic.net.au/christos/crypt/
> >
> > Thank you, Yuri. The information you give is a lot help to me.
> > The license is still a problem since actually the crypt
> > implementation does not tell which license it belongs, so I am
> > hesitating whether I am permitted to see the source code.:)
> >
> > >
> > > Thanks,
> > > Yuri
> > >
> > > On 9/4/07, Leo Li <li...@gmail.com> wrote:
> > > >
> > > > Hi, all
> > > > Now I am looking at the implementation for JndiLoginModule which
> > > > is missing in current harmony class library.
> > > > But now I encounter a problem:
> > > > As spec says, according to RFC 2307[1], the password stored in
> > > > jndi directory is encoded by a crypto algorithm:
> > > >
> > > > userPassword values MUST be represented by following syntax:
> > > >
> > > > passwordvalue = schemeprefix encryptedpassword
> > > > schemeprefix = "{" scheme "}"
> > > > scheme = "crypt" / "md5" / "sha" / altscheme
> > > > altscheme = "x-" keystring
> > > > encryptedpassword = encrypted password
> > > >
> > > > The encrypted password contains of a plaintext key hashed using the
> > > > algorithm scheme.
> > > >
> > > > And currently, spec says it only acknowledge the "crypt" algorithm.
> > > > Besides, posix has such a system call as "crypt" which take the
> > > > responsibility[2]. But it lacks on windows.
> > > > So we had better implement the algorithm in java. But where is the
> > > > details of the algorithm? And I guess maybe we can borrow one from a
> > > > project which is under a licence compatible with apache. But where?
> > > > Is there any familiar with it?
> > > > Thanks.
> > > >
> > > >
> > > >
> > > > [1]http://www.ietf.org/rfc/rfc2307.txt
> > > > [2]http://www.yiluda.net/manual/linux/man/crypt.html
> > > > --
> > > > Leo Li
> > > > China Software Development Lab, IBM
> > > >
> > >
> >
> >
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>
--
Leo Li
China Software Development Lab, IBM
Re: [classlib][auth]Help to implement the "crypt" algorithm
Posted by Yuri Dolgov <do...@gmail.com>.
> Thank you, Yuri. The information you give is a lot help to me.
> The license is still a problem since actually the crypt
>implementation does not tell which license it belongs, so I am
>hesitating whether I am permitted to see the source code.:)
O.k. that's not a problem, actually there is an free implementation of DES
in Bouncycastle, so we could easily modify it and make crypt()
implementation.
I could assist you if want to.
Thanks,
Yuri
On 9/4/07, Leo Li <li...@gmail.com> wrote:
>
> On 9/4/07, Yuri Dolgov <do...@gmail.com> wrote:
> > Hello Leo,
> >
> > "crypt" is really hashing algorithm based on widely known DES cipher.
> You
> > can find implementation algorithm description on [1] or implementation
> > details on [2]. crypt() algorithm slightly changes standard DES
> > implementation using additional permutation of the intermediate value,
> so
> > you have to have DES implementation to make it possible.
> > Actually there are number of known java implementations of crypt
> algorithm
> > (see [3]), but I haven't checked if they have appropriate licences.
> >
> > [1] http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
> > [2] http://davesource.com/Projects/DEStiny/Docs/Proposal/Proposal.rtf
> > [3] http://www.dynamic.net.au/christos/crypt/
>
> Thank you, Yuri. The information you give is a lot help to me.
> The license is still a problem since actually the crypt
> implementation does not tell which license it belongs, so I am
> hesitating whether I am permitted to see the source code.:)
>
> >
> > Thanks,
> > Yuri
> >
> > On 9/4/07, Leo Li <li...@gmail.com> wrote:
> > >
> > > Hi, all
> > > Now I am looking at the implementation for JndiLoginModule which
> > > is missing in current harmony class library.
> > > But now I encounter a problem:
> > > As spec says, according to RFC 2307[1], the password stored in
> > > jndi directory is encoded by a crypto algorithm:
> > >
> > > userPassword values MUST be represented by following syntax:
> > >
> > > passwordvalue = schemeprefix encryptedpassword
> > > schemeprefix = "{" scheme "}"
> > > scheme = "crypt" / "md5" / "sha" / altscheme
> > > altscheme = "x-" keystring
> > > encryptedpassword = encrypted password
> > >
> > > The encrypted password contains of a plaintext key hashed using the
> > > algorithm scheme.
> > >
> > > And currently, spec says it only acknowledge the "crypt" algorithm.
> > > Besides, posix has such a system call as "crypt" which take the
> > > responsibility[2]. But it lacks on windows.
> > > So we had better implement the algorithm in java. But where is the
> > > details of the algorithm? And I guess maybe we can borrow one from a
> > > project which is under a licence compatible with apache. But where?
> > > Is there any familiar with it?
> > > Thanks.
> > >
> > >
> > >
> > > [1]http://www.ietf.org/rfc/rfc2307.txt
> > > [2]http://www.yiluda.net/manual/linux/man/crypt.html
> > > --
> > > Leo Li
> > > China Software Development Lab, IBM
> > >
> >
>
>
> --
> Leo Li
> China Software Development Lab, IBM
>
Re: [classlib][auth]Help to implement the "crypt" algorithm
Posted by Leo Li <li...@gmail.com>.
On 9/4/07, Yuri Dolgov <do...@gmail.com> wrote:
> Hello Leo,
>
> "crypt" is really hashing algorithm based on widely known DES cipher. You
> can find implementation algorithm description on [1] or implementation
> details on [2]. crypt() algorithm slightly changes standard DES
> implementation using additional permutation of the intermediate value, so
> you have to have DES implementation to make it possible.
> Actually there are number of known java implementations of crypt algorithm
> (see [3]), but I haven't checked if they have appropriate licences.
>
> [1] http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
> [2] http://davesource.com/Projects/DEStiny/Docs/Proposal/Proposal.rtf
> [3] http://www.dynamic.net.au/christos/crypt/
Thank you, Yuri. The information you give is a lot help to me.
The license is still a problem since actually the crypt
implementation does not tell which license it belongs, so I am
hesitating whether I am permitted to see the source code.:)
>
> Thanks,
> Yuri
>
> On 9/4/07, Leo Li <li...@gmail.com> wrote:
> >
> > Hi, all
> > Now I am looking at the implementation for JndiLoginModule which
> > is missing in current harmony class library.
> > But now I encounter a problem:
> > As spec says, according to RFC 2307[1], the password stored in
> > jndi directory is encoded by a crypto algorithm:
> >
> > userPassword values MUST be represented by following syntax:
> >
> > passwordvalue = schemeprefix encryptedpassword
> > schemeprefix = "{" scheme "}"
> > scheme = "crypt" / "md5" / "sha" / altscheme
> > altscheme = "x-" keystring
> > encryptedpassword = encrypted password
> >
> > The encrypted password contains of a plaintext key hashed using the
> > algorithm scheme.
> >
> > And currently, spec says it only acknowledge the "crypt" algorithm.
> > Besides, posix has such a system call as "crypt" which take the
> > responsibility[2]. But it lacks on windows.
> > So we had better implement the algorithm in java. But where is the
> > details of the algorithm? And I guess maybe we can borrow one from a
> > project which is under a licence compatible with apache. But where?
> > Is there any familiar with it?
> > Thanks.
> >
> >
> >
> > [1]http://www.ietf.org/rfc/rfc2307.txt
> > [2]http://www.yiluda.net/manual/linux/man/crypt.html
> > --
> > Leo Li
> > China Software Development Lab, IBM
> >
>
--
Leo Li
China Software Development Lab, IBM
Re: [classlib][auth]Help to implement the "crypt" algorithm
Posted by Yuri Dolgov <do...@gmail.com>.
Hello Leo,
"crypt" is really hashing algorithm based on widely known DES cipher. You
can find implementation algorithm description on [1] or implementation
details on [2]. crypt() algorithm slightly changes standard DES
implementation using additional permutation of the intermediate value, so
you have to have DES implementation to make it possible.
Actually there are number of known java implementations of crypt algorithm
(see [3]), but I haven't checked if they have appropriate licences.
[1] http://www.unix.org.ua/orelly/networking/puis/ch08_06.htm
[2] http://davesource.com/Projects/DEStiny/Docs/Proposal/Proposal.rtf
[3] http://www.dynamic.net.au/christos/crypt/
Thanks,
Yuri
On 9/4/07, Leo Li <li...@gmail.com> wrote:
>
> Hi, all
> Now I am looking at the implementation for JndiLoginModule which
> is missing in current harmony class library.
> But now I encounter a problem:
> As spec says, according to RFC 2307[1], the password stored in
> jndi directory is encoded by a crypto algorithm:
>
> userPassword values MUST be represented by following syntax:
>
> passwordvalue = schemeprefix encryptedpassword
> schemeprefix = "{" scheme "}"
> scheme = "crypt" / "md5" / "sha" / altscheme
> altscheme = "x-" keystring
> encryptedpassword = encrypted password
>
> The encrypted password contains of a plaintext key hashed using the
> algorithm scheme.
>
> And currently, spec says it only acknowledge the "crypt" algorithm.
> Besides, posix has such a system call as "crypt" which take the
> responsibility[2]. But it lacks on windows.
> So we had better implement the algorithm in java. But where is the
> details of the algorithm? And I guess maybe we can borrow one from a
> project which is under a licence compatible with apache. But where?
> Is there any familiar with it?
> Thanks.
>
>
>
> [1]http://www.ietf.org/rfc/rfc2307.txt
> [2]http://www.yiluda.net/manual/linux/man/crypt.html
> --
> Leo Li
> China Software Development Lab, IBM
>