You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Alistair Hopkins <al...@berthengron.co.uk> on 2000/10/05 14:04:15 UTC
Password encryption
Slightly off subject...
I'm storing passwords for the site in my db.
I'd like to encrypt them before writing to the db and after reading, so
they're not stored on disk in plain text.
Can anyone recommend a simple java one-hit encryption method that will
protect them from casual pinching? Something like unix crypt, I guess.
I don't want/haven't the spare processing power to learn up on the javax
ssl package, as if anybody malicious is in my database it's not really
going to help much anyway...
Thanks,
Alistair.
Re: Password encryption
Posted by Ismael Blesa Part <ib...@tissat.es>.
Using a hash algorithm you have your problem solved. It is a one-way
algorithm
Alistair Hopkins wrote:
> Slightly off subject...
>
> I'm storing passwords for the site in my db.
>
> I'd like to encrypt them before writing to the db and after reading, so
> they're not stored on disk in plain text.
>
> Can anyone recommend a simple java one-hit encryption method that will
> protect them from casual pinching? Something like unix crypt, I guess.
>
> I don't want/haven't the spare processing power to learn up on the javax
> ssl package, as if anybody malicious is in my database it's not really
> going to help much anyway...
>
> Thanks,
> Alistair.
Re: Password encryption
Posted by Marcel Ruff <ru...@swand.lake.de>.
Alistair Hopkins wrote:
>
> Slightly off subject...
>
> I'm storing passwords for the site in my db.
>
> I'd like to encrypt them before writing to the db and after reading, so
> they're not stored on disk in plain text.
>
> Can anyone recommend a simple java one-hit encryption method that will
> protect them from casual pinching? Something like unix crypt, I guess.
>
> I don't want/haven't the spare processing power to learn up on the javax
> ssl package, as if anybody malicious is in my database it's not really
> going to help much anyway...
>
> Thanks,
> Alistair.
Try this Java implementation of crypt (simple and tiny):
http://locutus.kingwoodcable.com/jfd/crypt.html
cu
Marcel
--
Marcel Ruff
mailto:ruff@swand.lake.de
http://www.lake.de/home/lake/swand/
http://www.xmlBlaster.org
RE: Password encryption
Posted by Bob Krause <BK...@tickets.com>.
Hello,
Blowfish encryption is quite useful and is freely available on the Net if
you do a search and there is a reference implementation for it in the JCE.
Bob K
-----Original Message-----
From: Alistair Hopkins [mailto:alistair@berthengron.co.uk]
Sent: Thursday, October 05, 2000 8:04 AM
To: tomcat-user@jakarta.apache.org
Subject: Password encryption
Slightly off subject...
I'm storing passwords for the site in my db.
I'd like to encrypt them before writing to the db and after reading, so
they're not stored on disk in plain text.
Can anyone recommend a simple java one-hit encryption method that will
protect them from casual pinching? Something like unix crypt, I guess.
I don't want/haven't the spare processing power to learn up on the javax
ssl package, as if anybody malicious is in my database it's not really
going to help much anyway...
Thanks,
Alistair.