You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2004/02/16 17:57:45 UTC
DO NOT REPLY [Bug 26978] -
Add support for 'salt' to all Realms
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26978>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26978
Add support for 'salt' to all Realms
mario.winterer@scch.at changed:
What |Removed |Added
----------------------------------------------------------------------------
OS/Version|Other |All
------- Additional Comments From mario.winterer@scch.at 2004-02-16 16:57 -------
Code for generating a 'salted digest':
MessageDigest md = MessageDigest.getInstance("MD5");
// get digest A
byte[] digestA = md.digest(password.getBytes());
// generate the salt...
byte[] salt = new byte[md.getDigestLength()];
new SecureRandom().nextBytes(salt);
// generate digest B from digest A and salt
md.update(digestA);
byte[] digestB = md.digest(salt);
Code for comparing two passwords:
MessageDigest md = MessageDigest.getInstance("MD5");
// generate digest A from given password
byte[] digestA = md.digest(givenPassword.getBytes());
// generate digest B from digest A and stored salt
md.update(digestA);
byte[] digestB = md.digest(storedSalt);
// compare digest B with stored digest
boolean equal = Arrays.equals(digestB, storedDigest);
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org