1 Reply Latest reply on Sep 3, 2005 11:45 PM by Scott Stark

    Password encryption in DBLoginModule

    Josh Reeves Newbie

      Hello,

      Ch. 8, p. 287 states:


      • hashAlgorithm: The name of the java.security.MessageDigest algorithm to use to hash the password.
      There is no default so this option must be specified to enable hashing. When hashAlgorithm is specified, the
      clear text password obtained from the callbackhandler is hashed before it is passed to
      UsernamePasswordLoginModule.validatePassword as the inputPassword argument. The expectedPassword as obtained from the database must be comparably hashed.


      1. What are the available names of MessageDigest to specify?
      2. "The expectedPassword as obtained from the database must be comparably hashed." - is there a standard way of "comparably hashing" the expectedPassword?

      Many thanks!
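
The following is an added example, not part of the original post or of the JBoss code. It lists the MessageDigest algorithm names the running JVM accepts and produces a digest of a password with the same java.security.MessageDigest call the quoted passage describes. The class and method names, the sample password, the UTF-8 charset and the Base64/hex text encodings are assumptions; the stored value must use whatever charset and encoding the login module is configured to apply to the input password.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.Base64;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical helper class, written for this example only.
public class ComparableHash {

    // Every name MessageDigest.getInstance() accepts on this JVM.
    // The set depends on the installed security providers.
    static Set<String> availableDigests() {
        return new TreeSet<>(Security.getAlgorithms("MessageDigest"));
    }

    // Digest of the clear-text password bytes. UTF-8 is an assumption:
    // both sides must turn the password into bytes the same way.
    static byte[] digest(String algorithm, String password)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Lower-case hex rendering of the digest bytes.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("MessageDigest names: " + availableDigests());

        String algorithm = "SHA-256";          // value chosen for hashAlgorithm
        String password = "example-password";  // constructed sample value

        // Value to write to the password column, in two common text encodings.
        byte[] expected = digest(algorithm, password);
        System.out.println("base64: " + Base64.getEncoder().encodeToString(expected));
        System.out.println("hex:    " + toHex(expected));

        // Login side: the submitted password is hashed the same way and compared.
        byte[] input = digest(algorithm, "example-password");
        System.out.println("match:  " + MessageDigest.isEqual(expected, input));
    }
}
```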