Re: [OT] question about realm auth and digest attribute
is it really that hard to reply to a question without coming off as a pompous ass? On Mon, Sep 22, 2008 at 4:23 PM, André Warnier [EMAIL PROTECTED] wrote: Mark Thomas wrote: [...] It took me less than a minute to find the JavaDoc for java.security.MessageDigest It's by saying things like that that you provoke this kind of question.. It takes us mere mortals ages to find anything there. :-) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about realm auth and digest attribute
i'm talking about this part of configuration: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html On Thu, Sep 18, 2008 at 3:18 PM, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe, Joe A wrote: if i'm going to be using sha-1 for the encryption, do i just specify digest=SHA, digest=SHA1, digest=SHA-1? I'm not sure you have a choice... I think it's MD5 by default with no other options. http://en.wikipedia.org/wiki/Digest_access_authentication Note that MSIE 5.0+ apparently doesn't do things right, and will therefore not work (2002 report). Note sure if it has been fixed in later versions. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjSt5kACgkQ9CaO5/Lv0PBlVwCgkXSaxKshMhTO9Ri5mziOQNOF ROEAnRX0WFPrkz/F4oRN98d9xjjnEoU3 =icKO -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about realm auth and digest attribute
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe, Joe A wrote: i'm talking about this part of configuration: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html Sorry, I should have been more clear. Although Tomcat allows you to pick the hashing algorithm for DIGEST auth, there is no way for the server to communicate to the client what type of hashing function is being used. I believe all current HTTP clients will use MD5 since they have no way to decide to use something else. Definitely let me know if this is not the case. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjX8YQACgkQ9CaO5/Lv0PCbUQCgwdb8IFsxxszP1N/bN8EAS0ag 95wAnRaCQCf1ZNE7Q4bd1uf+ei4TwOYv =PQy0 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about realm auth and digest attribute
i'm talking about the part of configuration that lets you choose specify how the passwords are stored in the users table. On Mon, Sep 22, 2008 at 2:27 PM, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe, Joe A wrote: i'm talking about this part of configuration: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html Sorry, I should have been more clear. Although Tomcat allows you to pick the hashing algorithm for DIGEST auth, there is no way for the server to communicate to the client what type of hashing function is being used. I believe all current HTTP clients will use MD5 since they have no way to decide to use something else. Definitely let me know if this is not the case. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjX8YQACgkQ9CaO5/Lv0PCbUQCgwdb8IFsxxszP1N/bN8EAS0ag 95wAnRaCQCf1ZNE7Q4bd1uf+ei4TwOYv =PQy0 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about realm auth and digest attribute
Joe A wrote: i'm talking about the part of configuration that lets you choose specify how the passwords are stored in the users table. To repeat my previous answer, any digest that is supported by the JVM you are using is fine for this. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about realm auth and digest attribute
in the docs it says The value for this attribute must be one of the digest algorithms supported by the java.security.MessageDigest class (SHA, MD2, or MD5). so if i encrypt using the sha1 algorithm, do you know if i should specify sha1 or sha-1 or sha? thanks, joe On Mon, Sep 22, 2008 at 3:06 PM, Mark Thomas [EMAIL PROTECTED] wrote: Joe A wrote: i'm talking about the part of configuration that lets you choose specify how the passwords are stored in the users table. To repeat my previous answer, any digest that is supported by the JVM you are using is fine for this. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about realm auth and digest attribute
Joe A wrote: in the docs it says The value for this attribute must be one of the digest algorithms supported by the java.security.MessageDigest class (SHA, MD2, or MD5). so if i encrypt using the sha1 algorithm, do you know if i should specify sha1 or sha-1 or sha? Is it really too much effort for you to look this up in the API docs yourself? It took me less than a minute to find the JavaDoc for java.security.MessageDigest and to follow the links to the list of supported digests. The 1.6 docs list the following: MD2, MD5, SHA-1, SHA-256, SHA-384, SHA512 Alternatively you could have just tried digesting a password. You should see an exception if you try digesting a password with an invalid digest alg. Mark thanks, joe On Mon, Sep 22, 2008 at 3:06 PM, Mark Thomas [EMAIL PROTECTED] wrote: Joe A wrote: i'm talking about the part of configuration that lets you choose specify how the passwords are stored in the users table. To repeat my previous answer, any digest that is supported by the JVM you are using is fine for this. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] question about realm auth and digest attribute
Mark Thomas wrote: [...] It took me less than a minute to find the JavaDoc for java.security.MessageDigest It's by saying things like that that you provoke this kind of question.. It takes us mere mortals ages to find anything there. :-) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
question about realm auth and digest attribute
if i'm going to be using sha-1 for the encryption, do i just specify digest=SHA, digest=SHA1, digest=SHA-1? thanks, joe
Re: question about realm auth and digest attribute
- Original Message - From: Joe A [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, September 18, 2008 8:07 PM Subject: question about realm auth and digest attribute if i'm going to be using sha-1 for the encryption, do i just specify digest=SHA, digest=SHA1, digest=SHA-1? thanks, joe SHA, MD2, or MD5... I think I cant remember the reasons off hand, but in practice its MD5 only. (help me here people) --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about realm auth and digest attribute
Johnny Kewl wrote: - Original Message - From: Joe A [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, September 18, 2008 8:07 PM Subject: question about realm auth and digest attribute if i'm going to be using sha-1 for the encryption, do i just specify digest=SHA, digest=SHA1, digest=SHA-1? thanks, joe SHA, MD2, or MD5... I think I cant remember the reasons off hand, but in practice its MD5 only. http://tomcat.markmail.org/ HTTP DIGEST auth is MD5 only. Digested passwords are anything supported by the JVM. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question about realm auth and digest attribute
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe, Joe A wrote: if i'm going to be using sha-1 for the encryption, do i just specify digest=SHA, digest=SHA1, digest=SHA-1? I'm not sure you have a choice... I think it's MD5 by default with no other options. http://en.wikipedia.org/wiki/Digest_access_authentication Note that MSIE 5.0+ apparently doesn't do things right, and will therefore not work (2002 report). Note sure if it has been fixed in later versions. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjSt5kACgkQ9CaO5/Lv0PBlVwCgkXSaxKshMhTO9Ri5mziOQNOF ROEAnRX0WFPrkz/F4oRN98d9xjjnEoU3 =icKO -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]