gnu-crypto-discuss

Re: [GNU Crypto] Passwords Immutable?


From: Bryan Hoover
Subject: Re: [GNU Crypto] Passwords Immutable?
Date: Tue, 04 May 2004 17:04:43 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Casey Marshall wrote:
> `append' would break the contract of immutability, and I think making
> them immutable, but destroyable, is best.

Yeah, you're right.  Bad idea.

> Bryan> Could handwave, with the observation that plain text ain't any
> Bryan> too secure anyway :), but CramMD5Client does something similar
> Bryan> with String data, where again, an append method would take care
> Bryan> of it.
>
> There really isn't much sense in worrying about PLAIN. Probably the
> best thing to do is use CharEncoder or OutputStreamWriter and
> ByteArrayOutputStream.

Ignoring PLAIN is reasonable (though a wee bit discriminatory :)).  But
there's the MD5 mechanism too.

My thinking is that any data structure that a shared secret goes into,
ought to be a descendant of DestroyableObject.  In this light, that
concatenated user info/password ought to go to Password construction
together.

However, since Password then becomes somewhat of a misnomer (which may
or may not be "overthinking" depending on perspective), I was thinking
I'd just refactor the DestroyableObject/Password hierarchy, to include
a, say, "SecureData" class or some such -- the hierarchy would go
DestroyableObject-->SecureData-->Password, with the MD5 mechanism data
stored in a SecureData object.

The refactoring would be isolated relative to Password, and SecureData,
and would not require any changes to existing Password data type patch
proliferation.

Bryan
>
> - --
> Casey Marshall || address@hidden
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>
>
> iD8DBQFAlw7tgAuWMgRGsWsRAkfmAKCHUVEku/35BoSZQLMRDKdbAXL5OwCdHUO3
> aZE15/By4Va4o1meRpjiBOg=
> =jub9
> -----END PGP SIGNATURE-----

- --
Were I to wish for anything I would not wish for wealth and power, but
for the passion of the possible, that eye which everywhere, ever young,
ever burning, sees possibility. - (Soren Kierkegaard - Either/Or)

http://www.wecs.com/content.htm

This signature file is generated by Pick-a-Tag !
Written by Jeroen van Vaarsel
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=pick-a-tag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32) - GPGrelay v0.94

iD8DBQFAmAVt8CguVNZ0FHARAqvkAKCDN5zeErIKjf5vhnvRuaOpNs9FKwCfVCZy
ignu+XVRfTIUQJViav0YJtg=
=+Vza
-----END PGP SIGNATURE-----
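
An added sketch of the DestroyableObject-->SecureData-->Password hierarchy proposed in the message above, in Java; it is not part of the original post and not GNU Crypto's code. The class names come from the message, while the method names, bodies, sample values, and the use of javax.security.auth.Destroyable and Charset.encode (instead of the encoder classes named in the quoted text) are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.security.auth.Destroyable;

class SecureDataDemo {
    public static void main(String[] args) {
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'};        // constructed sample password
        Password pw = new Password(typed);
        Arrays.fill(typed, '\0');                             // wipe the caller's copy
        byte[] pwBytes = pw.getBytes();
        byte[] user = "alice:".getBytes(StandardCharsets.UTF_8);  // constructed user info
        SecureData msg = SecureData.concat(user, pwBytes);    // built whole, never appended to
        Arrays.fill(pwBytes, (byte) 0);
        pw.destroy(); msg.destroy();
        System.out.println(pw.isDestroyed() && msg.isDestroyed());
    }
}

// Hypothetical sketch, not GNU Crypto's code: immutable but destroyable secret holders.
abstract class DestroyableObject implements Destroyable {
    private boolean destroyed;
    protected abstract void wipe();
    @Override public final void destroy() { wipe(); destroyed = true; }
    @Override public final boolean isDestroyed() { return destroyed; }
    protected final void checkLive() { if (destroyed) throw new IllegalStateException("destroyed"); }
}

class SecureData extends DestroyableObject {
    private final byte[] data;
    protected SecureData(byte[] owned) { data = owned; }      // takes ownership, no copy kept outside
    static SecureData concat(byte[]... parts) {               // callers wipe their own inputs
        int n = 0; for (byte[] p : parts) n += p.length;
        ByteBuffer out = ByteBuffer.allocate(n);
        for (byte[] p : parts) out.put(p);
        return new SecureData(out.array());
    }
    byte[] getBytes() { checkLive(); return data.clone(); }   // caller wipes the returned copy
    @Override protected void wipe() { Arrays.fill(data, (byte) 0); }
}

class Password extends SecureData {
    Password(char[] chars) { super(encode(chars)); }
    private static byte[] encode(char[] chars) {              // no intermediate String
        ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[bb.remaining()];
        bb.get(out);
        if (bb.hasArray()) Arrays.fill(bb.array(), (byte) 0); // wipe the encoder's scratch buffer
        return out;
    }
}
```

Because getBytes() returns a copy, every consumer is responsible for zeroing what it receives; the holder can only guarantee its own buffer is cleared by destroy().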



