[ https://issues.apache.org/jira/browse/DELTASPIKE-1250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16006784#comment-16006784 ]
Mark Struberg commented on DELTASPIKE-1250:
-------------------------------------------

A first design proposal can be found on my github repo
https://github.com/struberg/deltaspike/tree/DELTASPIKE-1250

Will now add a main method to generate the master password and encrypt content

> create a master/client encryption handling
> ------------------------------------------
>
>                 Key: DELTASPIKE-1250
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1250
>             Project: DeltaSpike
>          Issue Type: New Feature
>          Components: Configuration
>    Affects Versions: 1.7.2
>            Reporter: Mark Struberg
>            Assignee: Mark Struberg
>             Fix For: 1.8.0
>
>
> For storing passwords in our configuration I'd like to implement a 2 stage
> approach to symmetric encryption.
> The current idea is to have an encrypted hash derived from a master password
> and box-local information (MAC, IP, expiry date, etc).
> This encrypted sequence is different on every box. But the decrypted hash is
> not.
>
> With this hash we can encode a user password, which is then ofc the same on
> different boxes.
> Of course all that is just security by obscurity, but it's still much better
> than plaintext and even close to vault.
> After all, the only really secure way is using a hardware crypto box plus the
> user has to manually provide a password and not using static passwords but
> 1-time consumable tokens.

--
This message was sent by Atlassian JIRA (v6.3.15#6346)
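
One reading of the two-stage scheme described in the issue, as an added sketch that is not part of the original message and not DeltaSpike code. The algorithms (PBKDF2, AES-GCM), the class name `TwoStageDemo`, the salts, iteration count and all sample values are assumptions, since the issue names none.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class TwoStageDemo { // hypothetical class name
    static final SecureRandom RNG = new SecureRandom();

    // PBKDF2 stretches a string into a 256-bit AES key (salt and iteration count are assumptions).
    static byte[] derive(String secret, String salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret.toCharArray(), salt.getBytes(StandardCharsets.UTF_8), 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // AES-GCM with a fresh 12-byte IV prepended to the ciphertext.
    static byte[] seal(byte[] key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reads the IV from the first 12 bytes; throws if the key is wrong or the data was modified.
    static byte[] open(byte[] key, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // The "decrypted hash": identical on every box (constructed password and salt).
        byte[] masterHash = derive("constructed-master-password", "constructed-app-salt");
        // Stage 1: each box stores the hash sealed under a key built from its own MAC/IP (constructed values).
        byte[] boxA = seal(derive("02:00:00:00:00:0a|192.0.2.10", "box"), masterHash);
        byte[] boxB = seal(derive("02:00:00:00:00:0b|192.0.2.11", "box"), masterHash);
        // Stage 2: the user password is sealed once under the hash; the same value ships to all boxes.
        byte[] cfgValue = seal(masterHash, "db-secret".getBytes(StandardCharsets.UTF_8));
        // Box B unwraps the hash from its own blob, then decrypts the shared config value.
        byte[] recovered = open(derive("02:00:00:00:00:0b|192.0.2.11", "box"), boxB);
        System.out.println(new String(open(recovered, cfgValue), StandardCharsets.UTF_8));
        System.out.println("box blobs differ: " + !Arrays.equals(boxA, boxB));
    }
}
```

The box key here is built only from values readable on the host, which is why the issue calls the approach obscurity: anyone who can read the blob and the MAC/IP can repeat the derivation.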