Som quick research turned up these two specs ... http://tools.ietf.org/html/rfc3230 Instance Digests in HTTP This only talks about SHA-1 (for SHA-512 you want SHA-2)
and a proposal/draft http://tools.ietf.org/html/draft-bryan-http-digest-algorithm-values-update-04 Additional Hash Algorithms for HTTP Instance Digests This introduces SHA-2 algorithms to RFC3230 refs: SHA-1 - http://en.wikipedia.org/wiki/SHA-1 SHA-2 - http://en.wikipedia.org/wiki/SHA-2 -- Joakim Erdfelt [email protected] http://webtide.com | http://intalio.com (the people behind jetty and cometd) On Fri, Nov 4, 2011 at 9:31 PM, Guy Hillyer <[email protected]>wrote: > Stephen, I am no expert, but I happen to have started working in this > area in the past couple of days. Jetty's abstract Credential class does > not seem to be extensible, since it has knowledge of its concrete (and > nested) subtypes. > > But I think the problem goes deeper than that. You need cooperation > from the browser to extend credential types. How will you achieve that? > > As far as I know (not very) the last word on http authentication > standards is RFC2617, which specifies MD5. I'd be happy to learn that > there is more flexibility here than I understand there to be. > > > On 11/04/2011 11:28 PM, Stephen G. Walizer wrote: > > I'd like to extend the authentication system in an embedded Jetty 7 to > use a custom variant of JDBCLoginService so that it knows the password > format without requiring the prefix:data format (for example md5:hash). I > can see how I could build and set a new LoginService but how would I go > about adding additional Credential types to be used? > > > > Alternately I'd even settle for adding Credential types using the > algorithm:data format for something more secure like SHA-512. > > > > Thanks! > > ----------------------------------------------------------- > > - stephen.g.walizer - [email protected] > > ----------------------------------------------------------- > > > > > > > > _______________________________________________ > > jetty-users mailing list > > [email protected] > > https://dev.eclipse.org/mailman/listinfo/jetty-users > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
