
java password check

giangiammy@gmail.com - 17 Oct 2006 09:26 GMT
Hi all,
I have a java applet communicating with a server.
I need to send a password, not in clear.

On the server side there's a unix system, so I thought
to use the crypt command, but in the applet what
can I use? is there a crypt compatible class?

Or how can I do to send a password,
without setting up a crypted ssl connection?

thanks
giammy
David Lee Lambert - 18 Oct 2006 17:40 GMT
> I have a java applet communicating with a server.
> I need to send a password, not in clear.
>
> On the server side there's a unix system, so I thought
> to use the crypt command, but in the applet what
> can I use? is there a crypt compatible class?

From the Solaris manpage crypt(1): "Methods of attack on such machines are widely known, thus
crypt provides minimal security."

If you mean the C function crypt(3) instead, I'm not aware of an exact-duplicate
implementation under Java, although someone who wanted to do so could port
the BSD C code to Java.  It could be used for what you want to do only
if the password were stored in the clear on the server.

> Or how can I do to send a password,
> without setting up a crypted ssl connection?

1. javax.crypto.SealedObject of the password, using a public-key cipher.

2. javax.crypto.SealedObject of a known, unique object, such as a
challenge-token issued by the server,  using a private-key cipher and the
password as the key.

3. MD5 or SHA-1 hash of the concatenation of a known, unique object issued
by the server and the password.

In cases (2) and (3), the server needs to store the password in
plaintext somewhere.  In case (1), it only needs to store the hash of the
password.  The requirements to use a "known, unique object" are to prevent
replay attacks.  The Java Crypto stuff can be extended to support new
algorithms; here are a couple ways to get started:

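 import java.security.MessageDigest;
 import javax.crypto.Cipher;

 // (3) Hash of the server-issued challenge concatenated with the password
 //     (password is a byte[] here; cpass is the byte[] sent to the server)
 MessageDigest digester = java.security.MessageDigest.getInstance("MD5");
 digester.update(challenge.toString().getBytes());
 digester.update(password);
 cpass = digester.digest();

 // (2) Encrypt the challenge with a symmetric cipher keyed by the password
 //     (init() takes a java.security.Key; challenge is a byte[])
 Cipher csym = Cipher.getInstance("DESede");
 csym.init(Cipher.ENCRYPT_MODE,password);
 cpass = csym.doFinal(challenge);

 // (1) Encrypt the password with the server's public key
 Cipher cpub = Cipher.getInstance("RSA");
 cpub.init(Cipher.ENCRYPT_MODE,server_public_key);
 cpass = cpub.doFinal(password);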

Signature

PGP key posted on website ... http://www.lmert.com/people/davidl/
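
Option (3) from the reply above, with both the applet side and the server side in one file, as an added example that is not part of the original thread. It uses SHA-256 in place of the MD5/SHA-1 named in the post; the class name, the in-memory challenge store and the sample password are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

public class ChallengeResponseDemo {
    // Server state: challenges issued and not yet used (hypothetical in-memory store).
    static final Set<String> outstanding = new HashSet<>();
    static final SecureRandom rng = new SecureRandom();

    // Server: issue a fresh, unpredictable challenge and remember it.
    static byte[] issueChallenge() {
        byte[] c = new byte[16];
        rng.nextBytes(c);
        outstanding.add(Base64.getEncoder().encodeToString(c));
        return c;
    }

    // Both sides: digest(challenge || password), as in option (3).
    static byte[] respond(byte[] challenge, String password) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(challenge);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    // Server: accept only if the challenge is still outstanding (single use)
    // and the digest matches the one computed from the stored password.
    static boolean verify(byte[] challenge, byte[] response, String storedPassword)
            throws GeneralSecurityException {
        if (!outstanding.remove(Base64.getEncoder().encodeToString(challenge))) {
            return false; // unknown or already-used challenge: treat as a replay
        }
        return MessageDigest.isEqual(respond(challenge, storedPassword), response);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String stored = "correct horse";      // constructed sample password
        byte[] c = issueChallenge();
        byte[] r = respond(c, stored);        // this step runs in the applet
        System.out.println("first login:    " + verify(c, r, stored));
        System.out.println("replayed pair:  " + verify(c, r, stored));
        byte[] c2 = issueChallenge();
        System.out.println("wrong password: " + verify(c2, respond(c2, "guess"), stored));
    }
}
```

The server has to hold the password itself to recompute the digest, which is the storage requirement the reply describes for case (3).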

giangiammy@gmail.com - 19 Oct 2006 08:14 GMT
thank you for the answer,

I'm evaluating what to use, in the meantime I found:

Java Implementation Of Crypt

I began looking for a java-based crypt and to my surprise I was unable
to find one. There were implementations that put a java front-end on
native code, but I'd hoped for pure java code. I decided to use Eric
Young's C code and translate it into java, the code that follows is
the result.
...
Mail me your praises or disparaging remarks about my meager
programming skills at: jdumas@zgs.com

http://locutus.kingwoodcable.com/jfd/crypt.html

thanks
giammy
Thomas Weidenfeller - 19 Oct 2006 08:14 GMT
>> I have a java applet communicating with a server.
>> I need to send a password, not in clear.
[quoted text clipped - 8 lines]
> If you mean the C function crypt(3) instead, I'm not aware of an exact-duplicate
> implementation under Java,

Probably http://www.cacas.org/java/gnu/tools/Crypt.java

/Thomas
Signature

The comp.lang.java.gui FAQ:
http://gd.tuwien.ac.at/faqs/faqs-hierarchy/comp/comp.lang.java.gui/
ftp://ftp.cs.uu.nl/pub/NEWS.ANSWERS/computer-lang/java/gui/faq


