[ 
https://issues.apache.org/jira/browse/DELTASPIKE-1250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16009248#comment-16009248
 ] 

ASF subversion and git services commented on DELTASPIKE-1250:
-------------------------------------------------------------

Commit a57fbcfa7e924fa65c167daedf7e523a5c4169c5 in deltaspike's branch 
refs/heads/master from [~struberg]
[ https://git-wip-us.apache.org/repos/asf?p=deltaspike.git;h=a57fbcf ]

DELTASPIKE-1250 CipherService for encrypting/decrypting with secrets


> create a master/client encryption handling
> ------------------------------------------
>
>                 Key: DELTASPIKE-1250
>                 URL: https://issues.apache.org/jira/browse/DELTASPIKE-1250
>             Project: DeltaSpike
>          Issue Type: New Feature
>          Components: Configuration
>    Affects Versions: 1.7.2
>            Reporter: Mark Struberg
>            Assignee: Mark Struberg
>             Fix For: 1.8.0
>
>
> For storing passwords in our configuration I'd like to implement a 2 stage 
> approach to symmetric encryption.
> The current idea is to have an encrypted hash derived from a master password 
> and machine specific information (MAC, IP, expiry date, etc).
> This encrypted sequence is different on every box. But the decrypted hash is 
> not.
>  
> With this hash we can encode a user password, which is then ofc the same on 
> different boxes. 
> Of course all that is just security by obscurity, but it's still much better 
> than plaintext and even close to Hashicorp Vault.
> After all, the only really secure way is using a hardware crypto box plus the 
> user has to manually provide a password and not using static passwords but 
> 1-time consumable tokens.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
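
The two-stage scheme from the issue description, sketched as an added example. It is not DeltaSpike's CipherService code or anything from the commit. The class name, the choice of PBKDF2 and AES-GCM, and the salt, MAC/IP strings and passwords (all constructed) are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
public class TwoStageSecretDemo { // hypothetical class name
    // PBKDF2 turns a passphrase (master password or machine info) into a 256-bit AES key.
    static SecretKeySpec derive(String secret, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret.toCharArray(), salt, 100_000, 256);
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(k, "AES");
    }
    // AES-GCM: seal() prepends a fresh 12-byte nonce, open() reads it back and checks the tag.
    static byte[] seal(SecretKeySpec key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    static byte[] open(SecretKeySpec key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8);
        byte[] masterHash = derive("constructed-master-password", salt).getEncoded();
        // Stage 1: wrap the master hash per box; the wrapped bytes differ on every machine.
        SecretKeySpec boxA = derive("00:11:22:33:44:55|10.0.0.5", salt); // constructed MAC|IP
        SecretKeySpec boxB = derive("66:77:88:99:aa:bb|10.0.0.6", salt); // constructed MAC|IP
        byte[] wrappedA = seal(boxA, masterHash), wrappedB = seal(boxB, masterHash);
        // Stage 2: the unwrapped hash is the same everywhere and encrypts the user password.
        SecretKeySpec dataKey = new SecretKeySpec(open(boxA, wrappedA), "AES");
        byte[] cfgValue = seal(dataKey, "db-password".getBytes(StandardCharsets.UTF_8));
        SecretKeySpec onB = new SecretKeySpec(open(boxB, wrappedB), "AES");
        System.out.println(new String(open(onB, cfgValue), StandardCharsets.UTF_8));
        try { open(boxB, wrappedA); } catch (AEADBadTagException e) { // wrong machine key
            System.out.println("box B cannot unwrap box A's sequence");
        }
    }
}
```

The machine-derived key is built from guessable inputs, so the per-box wrapping only binds the encrypted sequence to a host; the master password is what has to stay secret.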