RE: [SC-L] Java keystore password storage

2005-04-26 Thread Chris Matthews
David Crocker wrote: I'm by no means an expert in the field of security and Java, but I believe that the usual technique is to encode the password that the user types using a 1-way hashing algorithm, then store (and hide/protect) the encoded version and use that as the password. If an attacker

RE: [SC-L] Java keystore password storage

2005-04-25 Thread David Crocker
I'm by no means an expert in the field of security and Java, but I believe that the usual technique is to encode the password that the user types using a 1-way hashing algorithm, then store (and hide/protect) the encoded version and use that as the password. If an attacker manages to read the