Re: Password encryption and migrating from 2.2 -> 2.3...

[Brian Lawler <br...@tribenetwork.com>]

Never mind, looks like Henning had this problem already and created the 
OldJavaCrypt service to accommodate those in my situation.

-B


On Mar 22, 2004, at 12:35 PM, Brian Lawler wrote:

> Hello all-
>
> I may be missing something very important here, but it looks like the 
> method of doing SHA-based encryption changed from the 2.2 code base to 
> 2.3.  The result seems to be that 2.2 truncated a few characters off 
> the end, and 2.3 just uses the entire encrypted string.  My questions 
> are:
>
> 1) Have I done something wrong?
> 2) If not, is this a known issue in migrating from Security service to 
> the Crypto service?
> 3) How have you guys dealt with migrating, short of backporting the 
> encryption algorithm locally?
>
> My hope is that #1 is true, as right now my Turbine migration from 2.2 
> to 2.3 involves my hacking the encryption to match the existing user 
> base of ~130,000.
>
> +++++
>
> More details...
>
> The specific code I am talking about is the following:
>
>
>
> MessageDigest md = MessageDigest.getInstance(cipher);
>
> in 2.2
>
>         ByteArrayOutputStream bas = new ByteArrayOutputStream(
>          digest.length + digest.length / 3 + 1);
>         OutputStream encodedStream = MimeUtility.encode(bas, "base64");
>         encodedStream.write(digest);
>         return bas.toString();
>
> in 2.3
>
>         // Base64-encode the digest.
>         //byte[] encodedDigest = Base64.encode(digest);
>
>         return (encodedDigest == null ? null : new 
> String(encodedDigest));
>
>
> I like the 2.3 code better, but the results it gives me are different 
> (they are about 3 or 4 characters longer.  My current hack is to just 
> substitute the 2.2 code in.  I could probably also put a 
> newStyle.startsWith(oldStyle) which would also work.  Has anyone else 
> run into this?
>
> -B
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-dev-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org

Re: Password encryption and migrating from 2.2 -> 2.3...

["Henning P. Schmiedehausen" <hp...@intermeta.de>]

Brian Lawler <br...@tribenetwork.com> writes:

>Never mind, looks like Henning had this problem already and created the 
>OldJavaCrypt service to accommodate those in my situation.

:-) I was in the middle of typing exactly this answer when I read your second mail. 

	Regards
		Henning

-- 
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen          INTERMETA GmbH
hps@intermeta.de        +49 9131 50 654 0   http://www.intermeta.de/

RedHat Certified Engineer -- Jakarta Turbine Development  -- hero for hire
   Linux, Java, perl, Solaris -- Consulting, Training, Development

"Au�erdem k�nnen in Deutschland alle Englisch. [...] so entf�llt die
Notwendigkeit [...] Deutsch zu lernen." 
            -- Johan Micoud auf die Frage warum er kein Deutsch spricht.
                   (http://www.spiegel.de/spiegel/0,1518,273205,00.html)

---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org