On 04/20/12 11:10, Mark Rotteveel wrote:
> On Fri, 20 Apr 2012 10:40:29 +0400, Alex Peshkoff <peshk...@mail.ru> wrote:
>> On 04/19/12 22:48, Mark Rotteveel wrote:
>>> On 19-4-2012 10:17, Dmitry Yemanov wrote:
>>>> 19.04.2012 12:02, Mark Rotteveel wrote:
>>>>
>>>>> Ok, that sounds relatively easy. What is the hashing algorithm, and where
>>>>> in the Firebird sources can I find its implementation?
>>>> Something derived from DES, AFAIK. See ENC_crypt(), located in /src/jrd/
>>>> (pre-FB3) or in /src/common/ (trunk).
>>> Is it standard DES, or a modification?
>>>
>> Mark, I'm not absolutely sure what kind of DES is used, and to tell the truth,
>> do not care too much. I think you should not worry about implementing it
>> in Java client - it anyway adds absolutely no security compared with
>> sending clear password over the wire. And I will fix FB3 to accept it.
> I had a look yesterday and I couldn't easily find out if it was standard
> DES; comparing some Java DES implementations I did find commonalities, but
> some of the operations (and optimizations?) and pointer magic done are hard
> to follow if you are not that well-versed in C. I also saw that most DES
> implementations do not use a salt, which makes it harder to follow. Other
> examples refer to the use of the DES implementation in the Java API (of
> which the source is not directly available; I will need to check the
> OpenJDK or BouncyCastle sources).
>
> I am going to think it over, not having to implement it is of course far
> easier.
>

The main problem is that I do not know a good reason to waste time implementing it ...

>> It's much more useful to decide what to do with SRP. And (taking wider
>> look at it) - will it be possible to load client parts of plugins by
>> Java client?
> Technically yes, but most Java developers usually do not want to bother
> with the hassle that is involved with using native libraries. So a pure
> java implementation will be needed.

Certainly it will be great to have a Java implementation of SRP. BTW, I've used to rewrite it from Jim's Java code :-)
But in a case when one has some authentication plugin it will be very useful to learn to load it in order not to rewrite it to Java.

Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel