On Fri, 20 Apr 2012 10:40:29 +0400, Alex Peshkoff <peshk...@mail.ru> wrote: > On 04/19/12 22:48, Mark Rotteveel wrote: >> On 19-4-2012 10:17, Dmitry Yemanov wrote: >>> 19.04.2012 12:02, Mark Rotteveel wrote: >>> >>>> Ok, that sounds relatively easy. What is the hashing algorithm, and >>>> where >>>> in the Firebird sources can I find its implementation? >>> Something derived from DES, AFAIK. See ENC_crypt(), located in /src/jrd/ >>> (pre-FB3) or in /src/common/ (trunk). >> Is it standard DES, or a modification? >> > Mark, I'm not absolutely sure what kind of DES is used, and telling true > do not care too much. I think you should not worry about implementing ti > in Java client - it anyway adds absolutely no security compared with > sending clear password over the wire. And I will fix FB3 to accept it.
I had a look yesterday and I couldn't easily find out if it was standard DES; comparing some Java DES implementations I did find commonalities, but some of the operations (and optimizations?) and pointer magic done are hard to follow if you are not that well-versed in C. I also saw that most DES implementations do not use a salt, which makes it harder to follow. Other examples refer to the use of the DES implementation in the Java API (of which the source is not directly available; I will need to check the OpenJDK or BouncyCastle sources). I am going to think it over, not having to implement it is of course far easier. > It's much more useful to decide what to do with SRP. And (taking wider > look at it) - will it be possible to load client parts of plugins by > Java client? Technically yes, but most Java developers usually do not want to bother with the hassle that is involved with using native libraries. So a pure java implementation will be needed. Mark ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
