Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / January 2005

Tip: Looking for answers? Try searching our database.

MD5 or DES encryption

Thread view: 
Enable EMail AlertsStart New Thread
keshian - 27 Jan 2005 17:21 GMT
I have a 3rd party app that is going to encrypt a username/password and
send it to me over the URL string.  I've found examples of how to
decrypt it but that means I have to have the key file that was used to
encrypt it.

How do I get this key?
Where do I store it?
How do I use it for my decryption?  

Using JSP.

Thanks!
Reply to this Message
Daniel Schneller - 27 Jan 2005 17:47 GMT
Hello!

I think you misunderstand something.
DES is an encryption algorithm, while MD5 is a hashing algorithm.

DES means you take a plaintext (password), apply a function to it using
the key as a parameter and get a ciphertext. Only using the exact same
key you can get the plaintext back.

MD5 takes the plaintext and calculates a hash-value of fixed size. There
is no way to recompute the original plaintext from the hashcode. It is a
one-way function.

Daniel
Reply to this Message
keshian - 27 Jan 2005 19:36 GMT
OK then let's talk DES since that's what we'd use since I need to
reverse it.  Questions still apply.

Thanks for the response.
Reply to this Message
Mr. Skeptic - 27 Jan 2005 22:24 GMT
The answer depends entirely on how the 3rd party app is encrypting the
information, and what information you have at your end prior to
receiving the data from the 3rd party app.

--greg
Reply to this Message
keshian - 28 Jan 2005 00:29 GMT
OK let me expound a little bit on the scenario.  A 3rd party
application has a varierty of means of encrypting a string value they
want to send to me.  3DES, MD4, MD5 and about 20 other options.  They
are going to take this string and encrypt it with one of these methods.
I should receive the key that they used to encrypt the string so that
I can read the encrypted string over the URL, then apply the string to
the encryption key to translate it back to a normal readable string.
Reply to this Message
keshian - 28 Jan 2005 00:32 GMT
Currently we  built our own hash table and are translating characters
to 3 digit numbers, adding the time as an int and then multiplying  by
an 18 digit prime.

Thanks for the responses.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.