There are a lot of cryptography samples in Java around - you can
use them to encode passwords and save them encoded to the password file.
Here is my method - I do not remember where I found it, only that it is
RSA-based. Here is the password encoder using the password itself as a
public key:

  // Requires: import java.math.BigInteger;
  public String encrypt( String Password )
  {
    String retval = "";
    if( Password == null || Password.length() == 0 ) return retval;
    byte[] Bytes = Password.getBytes();
    // Treat the password bytes as an integer and step up to the next probable prime.
    BigInteger PrivateKey = new BigInteger( Bytes );
    while( !PrivateKey.isProbablePrime( 100 ) ) PrivateKey = PrivateKey.add( m_ONE );
    // Exponent used below: inverse of PrivateKey modulo (m_PrimeX - 1)(m_PrimeY - 1).
    BigInteger PublicKey = PrivateKey.modInverse(
        m_PrimeX.subtract( m_ONE ).multiply( m_PrimeY.subtract( m_ONE ) ) );
    byte[] temp;
    int BigDigitsLength = Bytes.length / 8 + ( Bytes.length % 8 > 0 ? 1 : 0 );
    BigInteger[] bigdigits = new BigInteger[ BigDigitsLength ];
    // Split the password into zero-padded 8-byte blocks.
    for( int i = 0; i < Bytes.length; i += 8 )
    {
      temp = new byte[ 8 ];
      for( int j = 0; j < 8; j++ )
        if( i + j < Bytes.length ) temp[ j ] = Bytes[ i + j ]; else temp[ j ] = 0;
      bigdigits[ i / 8 ] = new BigInteger( temp );
    }
    //BigInteger[] encrypted = new BigInteger[ bigdigits.length ];
    try
    {
      StringBuffer retbuf = new StringBuffer();
      // Raise each block to PublicKey mod m_Modulo and concatenate the decimal strings.
      for( int j = 0; j < bigdigits.length; j++ )
        retbuf.append( bigdigits[ j ].modPow( PublicKey, m_Modulo ).toString() );
      retval = retbuf.toString();
    }
    catch( Exception e ) {  return retval;      }
    return retval;
  }

  ...
  // RSA data
  private static final BigInteger   m_PrimeX = new BigInteger("13529597555908415873");
  private static final BigInteger   m_PrimeY = new BigInteger("12126300757719360319");
  private static final BigInteger   m_Modulo = new BigInteger("164063969093850228837190614238185943487");
  // A BigInteger representation of the number one.
  private static final BigInteger   m_ONE    = new BigInteger("1");

Password validation consists of
- encrypting the user provided password and
- comparing it to the stored one for that user.

Do not worry about cracking - it's not an easy task to decrypt the password
encrypted this way - it's 64-bit RSA - even if the numbers used are
permanent. If you want, please do decrypt my favorite password:

113089639727704902357479481329649526643


-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet API
Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of Martin Jarvis
Sent: Monday, January 31, 2000 1:14 PM
To: [EMAIL PROTECTED]
Subject: Re: Encryption !!


Wouldn't SSL be a better solution? After all, if you use JavaScript to
perform the encryption, the JavaScript code will be visible to anyone
capable of doing a view source and therefore your password encryption
routines would be easily crackable.

Regards,

Martin

-----------------------------------------------------------------
Principal Consultant
ATS-EMEA
Oracle Corporation

----- Original Message -----
From: Ramakanth Padmanabhan Sengamedu <mailto:[EMAIL PROTECTED]>
To: <mailto:[EMAIL PROTECTED]>
Sent: Monday, 31 January 2000 9:53 am
Subject: Encryption !!


> hi
>         Has anybody done encryption of passwords in JavaScript used in login
> page of the application and in servlets too. Can you share the code. Thanks in
> advance
> Ramakanth
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>