[SC-L] RE: Java keystore password storage

2005-04-26 Thread john bart
Is there something like window's DPAPI in the Unix world (solaris, linux, etc..)? From: Michael Howard [EMAIL PROTECTED] To: john bart [EMAIL PROTECTED],[EMAIL PROTECTED],SC-L@securecoding.org,[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED] Subject: RE: Java keystore password storage

RE: [SC-L] Java keystore password storage

2005-04-26 Thread Chris Matthews
David Crocker wrote: I'm by no means an expert in the field of security and Java, but I believe that the usual technique is to encode the password that the user types using a 1-way hashing algorithm, then store (and hide/protect) the encoded version and use that as the password. If an attacker