Posted to users@tomcat.apache.org by Federico Viscomi <fe...@gmail.com> on 2014/06/26 18:52:02 UTC

sha1 in digest access authentication

 Hi.
I am running tomcat 7.0.54 and Jdk 1.8.0_05 on Windows 7.
Does it support sha1 as hash algorithm in digest access authentication?
If it doesn't, is there any version of tomcat that supports it?

Kind regards,
Federico.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: sha1 in digest access authentication

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Federico,

On 6/26/14, 12:52 PM, Federico Viscomi wrote:
> I am running tomcat 7.0.54 and Jdk 1.8.0_05 on Windows 7. Does it
> support sha1 as hash algorithm in digest access authentication?

Nope.

> If it doesn't, is there any version of tomcat that supports it?

None.

HTTP DIGEST authentication is defined[1] to use MD5 digest.

If you have a hacked client that can support SHA1, then you can
certainly hack Tomcat to use SHA1 instead of MD5: all you have to do
is change the call to getInstance("MD5") to getInstance("SHA1").

If you are going to bother to switch from MD5 to another hashing
algorithm, you might want to pick one that is a bit stronger, like one
of the SHA2 family (e.g. SHA-512).

-chris

[1] http://en.wikipedia.org/wiki/Digest_access_authentication
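
Why the reply ties the server-side change to a client that also supports the new hash, shown as an added example that is not part of the original thread and is not Tomcat's code: it computes the RFC 2617 qop=auth response with a pluggable algorithm and compares an MD5 client's response with what a server would expect under MD5, SHA-1 and SHA-512. The class and method names are hypothetical, the ISO-8859-1 encoding is an assumption, and the sample values are those of the RFC 2617 worked example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestAlgorithmDemo {

    // Hex-encoded hash of s under the named JCA algorithm ("MD5", "SHA-1", "SHA-512").
    // ISO-8859-1 is assumed here as the byte encoding of the header fields.
    static String h(String alg, String s) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(alg);
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest(s.getBytes(StandardCharsets.ISO_8859_1))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // RFC 2617 request-digest for qop=auth:
    //   HA1 = H(user:realm:password), HA2 = H(method:uri),
    //   response = H(HA1:nonce:nc:cnonce:qop:HA2)
    static String response(String alg, String user, String realm, String password,
                           String method, String uri, String nonce,
                           String nc, String cnonce) throws NoSuchAlgorithmException {
        String ha1 = h(alg, user + ":" + realm + ":" + password);
        String ha2 = h(alg, method + ":" + uri);
        return h(alg, ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Sample values from the RFC 2617 worked example.
        String[] p = {"Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
                      "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                      "00000001", "0a4f113b"};

        // What a standard (MD5) client puts in the Authorization header.
        String fromClient = response("MD5", p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
        System.out.println("client response (MD5): " + fromClient);

        // What a server expects under each algorithm for the same credentials.
        for (String alg : new String[] {"MD5", "SHA-1", "SHA-512"}) {
            String expected = response(alg, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
            // MessageDigest.isEqual avoids an early-exit string comparison.
            boolean ok = MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.US_ASCII),
                    fromClient.getBytes(StandardCharsets.US_ASCII));
            System.out.println(alg + " server: " + (ok ? "accepts" : "rejects"));
        }
    }
}
```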
