Please consider adding a couple of features to the security model used for J2 that will enhance security significantly, particularly against dictionary attacks on the database. I can elaborate on these points if need be.
1) Salted passwords. Protects against batched dictionary attacks. 2) Variable security. Basically a per user settable counter that sets how many times a hash function is repeated. Repeating the hash does not improve security of a given password, but rather intentionally slows down the password check and, therefore, makes dictionary attacks significantly more expensive for the attacker. Further, it can be tuned per user so that passwords of some users take longer to dictionary attack than others. 3) Password fields at least large enough to hold hashed SHA-256. Not as important, but a "nice to have": 4) Variable algorithm. A per user setting that indicates what algorithm is used to validate the user. This is useful really only to solve on particular problem: if you later decide to migrate to a new algorithm -- moving from MD5 to SHA-256, say -- how do you do so without resetting everyone's password? For most systems, you cannot just rehash the password under the new system, because you only have the encrypted version and cannot generate the plaintext. If, however, you had a setting that indicates what algorithm was used, you can do a migration gradually. That is, next time that user logs on (which is validated under the old system), you can make him change the password, saving the new one under the new system. This sounds a bit unlikely, I know, but I've had to migrate two different systems to a new password algorithm and it was not pleasant because the systems lacked this feature. Another benefit of this feature is that if you have different clients who demand different algorithms, you can support them both at once. This tends not to be an issue unless you have clients that are banks or some other institution with an extremely detailed set of security requirements. Thanks, Wordman --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
