1 Reply Latest reply on Sep 3, 2005 11:45 PM by starksm64

Password encryption in DBLoginModule

j.bin Sep 1, 2005 11:40 AM

Hello,

Ch. 8, p. 287 states:

? hashAlgorithm: The name of the java.security.MessageDigest algorithm to use to hash the password.
There is no default so this option must be specified to enable hashing. When hashAlgorithm is specified, the
clear text password obtained from the callbackhandler is hashed before it is passed to UsernamePasswordLoginModule.
validatePassword as the inputPassword argument. The expectedPassword as obtained from the database must be comparably hashed.

1. What are the available names of MessageDigest to specify?
2. "The expectedPassword as obtained from the database must be comparably hashed." - is there a standard way of "comparably hashing" the expectedPassword?

Many thanks!

1. Re: Password encryption in DBLoginModule

starksm64 Sep 3, 2005 11:45 PM (in response to j.bin)

1. depends on the security providers installed in the jdk.
2. other than ignoring case what is there to change in the comparision?
Actions