You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@turbine.apache.org by Brian Lawler <br...@tribenetwork.com> on 2004/04/01 08:45:38 UTC
Re: Password encryption and migrating from 2.2 -> 2.3...
Never mind, looks like Henning had this problem already and created the
OldJavaCrypt service to accommodate those in my situation.
-B
On Mar 22, 2004, at 12:35 PM, Brian Lawler wrote:
> Hello all-
>
> I may be missing something very important here, but it looks like the
> method of doing SHA-based encryption changed from the 2.2 code base to
> 2.3. The result seems to be that 2.2 truncated a few characters off
> the end, and 2.3 just uses the entire encrypted string. My questions
> are:
>
> 1) Have I done something wrong?
> 2) If not, is this a known issue in migrating from Security service to
> the Crypto service?
> 3) How have you guys dealt with migrating, short of backporting the
> encryption algorithm locally?
>
> My hope is that #1 is true, as right now my Turbine migration from 2.2
> to 2.3 involves my hacking the encryption to match the existing user
> base of ~130,000.
>
> +++++
>
> More details...
>
> The specific code I am talking about is the following:
>
>
>
> MessageDigest md = MessageDigest.getInstance(cipher);
>
> in 2.2
>
> ByteArrayOutputStream bas = new ByteArrayOutputStream(
> digest.length + digest.length / 3 + 1);
> OutputStream encodedStream = MimeUtility.encode(bas, "base64");
> encodedStream.write(digest);
> return bas.toString();
>
> in 2.3
>
> // Base64-encode the digest.
> //byte[] encodedDigest = Base64.encode(digest);
>
> return (encodedDigest == null ? null : new
> String(encodedDigest));
>
>
> I like the 2.3 code better, but the results it gives me are different
> (they are about 3 or 4 characters longer. My current hack is to just
> substitute the 2.2 code in. I could probably also put a
> newStyle.startsWith(oldStyle) which would also work. Has anyone else
> run into this?
>
> -B
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-dev-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org
Re: Password encryption and migrating from 2.2 -> 2.3...
Posted by "Henning P. Schmiedehausen" <hp...@intermeta.de>.
Brian Lawler <br...@tribenetwork.com> writes:
>Never mind, looks like Henning had this problem already and created the
>OldJavaCrypt service to accommodate those in my situation.
:-) I was in the middle of typing exactly this answer when I read your second mail.
Regards
Henning
--
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen INTERMETA GmbH
hps@intermeta.de +49 9131 50 654 0 http://www.intermeta.de/
RedHat Certified Engineer -- Jakarta Turbine Development -- hero for hire
Linux, Java, perl, Solaris -- Consulting, Training, Development
"Au�erdem k�nnen in Deutschland alle Englisch. [...] so entf�llt die
Notwendigkeit [...] Deutsch zu lernen."
-- Johan Micoud auf die Frage warum er kein Deutsch spricht.
(http://www.spiegel.de/spiegel/0,1518,273205,00.html)
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-dev-help@jakarta.apache.org