You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Alistair Hopkins <al...@berthengron.co.uk> on 2000/10/05 14:04:15 UTC

Password encryption

Slightly off subject...

I'm storing passwords for the site in my db.

I'd like to encrypt them before writing to the db and after reading, so 
they're not stored on disk in plain text.

Can anyone recommend a simple java one-hit encryption method that will 
protect them from casual pinching?  Something like unix crypt, I guess.

I don't want/haven't the spare processing power to learn up on the javax 
ssl package, as if anybody malicious is in my database it's not really 
going to help much anyway...

Thanks,
Alistair.

Re: Password encryption

Posted by Ismael Blesa Part <ib...@tissat.es>.

Using a hash algorithm you have your problem solved. It is a one-way
algorithm

Alistair Hopkins wrote:

> Slightly off subject...
>
> I'm storing passwords for the site in my db.
>
> I'd like to encrypt them before writing to the db and after reading, so
> they're not stored on disk in plain text.
>
> Can anyone recommend a simple java one-hit encryption method that will
> protect them from casual pinching?  Something like unix crypt, I guess.
>
> I don't want/haven't the spare processing power to learn up on the javax
> ssl package, as if anybody malicious is in my database it's not really
> going to help much anyway...
>
> Thanks,
> Alistair.

Re: Password encryption

Posted by Marcel Ruff <ru...@swand.lake.de>.

Alistair Hopkins wrote:
> 
> Slightly off subject...
> 
> I'm storing passwords for the site in my db.
> 
> I'd like to encrypt them before writing to the db and after reading, so
> they're not stored on disk in plain text.
> 
> Can anyone recommend a simple java one-hit encryption method that will
> protect them from casual pinching?  Something like unix crypt, I guess.
> 
> I don't want/haven't the spare processing power to learn up on the javax
> ssl package, as if anybody malicious is in my database it's not really
> going to help much anyway...
> 
> Thanks,
> Alistair.

Try this Java implementation of crypt (simple and tiny):

http://locutus.kingwoodcable.com/jfd/crypt.html

cu

Marcel

-- 
Marcel Ruff
mailto:ruff@swand.lake.de
http://www.lake.de/home/lake/swand/
http://www.xmlBlaster.org

RE: Password encryption

Posted by Bob Krause <BK...@tickets.com>.

Hello,

 Blowfish encryption is quite useful and is freely available on the Net if
you do a search and there is a reference implementation for it in the JCE.

Bob K

-----Original Message-----
From: Alistair Hopkins [mailto:alistair@berthengron.co.uk]
Sent: Thursday, October 05, 2000 8:04 AM
To: tomcat-user@jakarta.apache.org
Subject: Password encryption


Slightly off subject...

I'm storing passwords for the site in my db.

I'd like to encrypt them before writing to the db and after reading, so
they're not stored on disk in plain text.

Can anyone recommend a simple java one-hit encryption method that will
protect them from casual pinching?  Something like unix crypt, I guess.

I don't want/haven't the spare processing power to learn up on the javax
ssl package, as if anybody malicious is in my database it's not really
going to help much anyway...

Thanks,
Alistair.