Whoops. Sorry. That is no longer a proposal. It's got a formal RFC assigned to it now - http://tools.ietf.org/html/rfc5843 Additional Hash Algorithms for HTTP Instance Digests
-- Joakim Erdfelt [email protected] http://webtide.com | http://intalio.com (the people behind jetty and cometd) On Fri, Nov 4, 2011 at 10:04 PM, Joakim Erdfelt <[email protected]> wrote: > Som quick research turned up these two specs ... > > http://tools.ietf.org/html/rfc3230 > Instance Digests in HTTP > This only talks about SHA-1 (for SHA-512 you want SHA-2) > > and a proposal/draft > > http://tools.ietf.org/html/draft-bryan-http-digest-algorithm-values-update-04 > Additional Hash Algorithms for HTTP Instance Digests > This introduces SHA-2 algorithms to RFC3230 > > refs: > SHA-1 - http://en.wikipedia.org/wiki/SHA-1 > SHA-2 - http://en.wikipedia.org/wiki/SHA-2 > > -- > Joakim Erdfelt > [email protected] > > http://webtide.com | http://intalio.com > (the people behind jetty and cometd) > > > > On Fri, Nov 4, 2011 at 9:31 PM, Guy Hillyer <[email protected]>wrote: > >> Stephen, I am no expert, but I happen to have started working in this >> area in the past couple of days. Jetty's abstract Credential class does >> not seem to be extensible, since it has knowledge of its concrete (and >> nested) subtypes. >> >> But I think the problem goes deeper than that. You need cooperation >> from the browser to extend credential types. How will you achieve that? >> >> As far as I know (not very) the last word on http authentication >> standards is RFC2617, which specifies MD5. I'd be happy to learn that >> there is more flexibility here than I understand there to be. >> >> >> On 11/04/2011 11:28 PM, Stephen G. Walizer wrote: >> > I'd like to extend the authentication system in an embedded Jetty 7 to >> use a custom variant of JDBCLoginService so that it knows the password >> format without requiring the prefix:data format (for example md5:hash). I >> can see how I could build and set a new LoginService but how would I go >> about adding additional Credential types to be used? >> > >> > Alternately I'd even settle for adding Credential types using the >> algorithm:data format for something more secure like SHA-512. >> > >> > Thanks! >> > ----------------------------------------------------------- >> > - stephen.g.walizer - [email protected] >> > ----------------------------------------------------------- >> > >> > >> > >> > _______________________________________________ >> > jetty-users mailing list >> > [email protected] >> > https://dev.eclipse.org/mailman/listinfo/jetty-users >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
