Hi Dimitry and Eric,
Dimitry, could you please tell me your view of the encryption issue?
Eric, I can see from the code of TripleDesEncrypter class located in
Tools.java of FreeMind 0.9.0 beta 9 the following:
SecretKey key = SecretKeyFactory.getInstance(
"PBEWithMD5AndTripleDES").generateSecret(keySpec);
That means that TripleDES has been explicitly requested by FreeMind, just
that DES has been erroneously returned by JRE 1.4. This is not a feature;
this is a serious bug of Java to be sure.
I am far from confident that no user could have ever saved a map with
TripleDES, when I see the quoted code. Implementing the risk-averse
decryption, trying TripleDES if simple DES fails, as I have suggested would
be preferable.
For reference, see the following CVS points of Tools.java:
http://freemind.cvs.sourceforge.net/freemind/freemind/freemind/main/Tools.java?revision=1.17.18.9.2.14&view=markup&pathrev=fm_0_9_0_beta9
http://freemind.cvs.sourceforge.net/freemind/freemind/freemind/main/Tools.java?revision=1.17.18.9.2.17&view=markup&pathrev=fm_0_9_0_beta12
Best regards,
Dan
On 8/22/07, Dan Polansky <[EMAIL PROTECTED]> wrote:
>
> Hi Eric,
>
> so do I understand it right that no FreeMind user could ever manage to
> save a map that uses Triple DES encryption, not even when running on JRE
> 1.6? If that is so, then indeed my suggested SW solution is unnecessary,
> and the solution implemented by Dimitry is completely sufficient.
>
> Thanks for the other info.
>
> Best regards,
> Dan
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Freemind-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/freemind-developer
