Apparently this has been thought about:
(These are the first few results that came up in Google)
http://crypto.stanford.edu/~dabo/cs255/proj1.html
http://www.javaworld.com/javaworld/jw-04-2001/jw-0413-howto.html
http://jcewww.iaik.at/products/jce/documentation/javadoc/javax/crypto/Cipher.html
http://www.vscape.com/libraries/vsps.html
Search these pages for "replay" or other attack and see some of the
issues.
There is probably a lot more complexity in these alternatives than you
may need or care about, but there are some extra options available.
Thanks.
->-----Original Message-----
->From: Nic Ferrier [mailto:[EMAIL PROTECTED]]
->Sent: Friday, August 24, 2001 3:24 PM
->To: [EMAIL PROTECTED]
->Subject: Re: password security
->
->
->On Fri, Aug 24, 2001 at 11:53:40AM -0400, Mike Marchywka wrote:
->> Could you use some of the Java Cryptography (JCE) stuff over normal HTTP?
->> I'm not sure of the specifics of your situation but this may be an
->> option.
->
->Anything like that would be vulnerable to replay attacks.
->
->
->Nic Ferrier
->
->______________________________________________________________
->_____________
->To unsubscribe, send email to [EMAIL PROTECTED] and
->include in the body
->of the message "signoff SERVLET-INTEREST".
->
->Archives: http://archives.java.sun.com/archives/servlet-interest.html
->Resources:
->http://java.sun.com/products/servlet/external-resources.html
->LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
->
->