Re: [GNU Crypto] Passwords Immutable?
From: Bryan Hoover
Subject: Re: [GNU Crypto] Passwords Immutable?
Date: Tue, 04 May 2004 17:04:43 -0400
Casey Marshall wrote:
> `append' would break the contract of immutability, and I think making
> them immutable, but destroyable, is best.
Yeah, you're right. Bad idea.
> Bryan> Could handwave, with the observation that plain text ain't any
> Bryan> too secure anyway :), but CramMD5Client does something similar
> Bryan> with String data, where again, an append method would take care
> Bryan> of it.
>
> There really isn't much sense in worrying about PLAIN. Probably the
> best thing to do is use CharEncoder or OutputStreamWriter and
> ByteArrayOutputStream.
Ignoring PLAIN is reasonable (though a wee bit discriminatory :)). But
there's the MD5 mechanism too.
My thinking is that any data structure that a shared secret goes into,
ought to be a descendant of DestroyableObject. In this light, that
concatenated user info/password ought to go to Password construction
together.
However, since Password then becomes somewhat of a misnomer (which may
or may not be "overthinking" depending on perspective), I was thinking
I'd just refactor the DestroyableObject/Password hierarchy, to include
a, say, "SecureData" class or some such -- the hierarchy would go
DestroyableObject-->SecureData-->Password, with the MD5 mechanism data
stored in a SecureData object.
The refactoring would be isolated relative to Password, and SecureData,
and would not require any changes to existing Password data type patch
proliferation.
Bryan
>
> - --
> Casey Marshall || address@hidden
- --
Were I to wish for anything I would not wish for wealth and power, but
for the passion of the possible, that eye which everywhere, ever young,
ever burning, sees possibility. - (Soren Kierkegaard - Either/Or)
http://www.wecs.com/content.htm
This signature file is generated by Pick-a-Tag !
Written by Jeroen van Vaarsel
http://www.google.com/search?hl=en&ie=ISO-8859-1&q=pick-a-tag
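A sketch of the DestroyableObject-->SecureData-->Password idea from the message above, as an added example that is not part of the original post and not GNU Crypto's code. The class names follow the message; the constructor, the `update` method, the use of `javax.security.auth.Destroyable` in place of DestroyableObject, and the sample values are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.security.auth.Destroyable;

// Hypothetical sketch of the proposed hierarchy; not GNU Crypto's own classes.
class SecureData implements Destroyable {
    private final byte[] data;          // never exposed, never grown
    private boolean destroyed;

    // Every part is supplied up front, so no append() is needed afterwards.
    SecureData(char[]... parts) {
        int chars = 0;
        for (char[] p : parts) chars += p.length;
        ByteBuffer out = ByteBuffer.allocate(chars * 3); // UTF-8: at most 3 bytes per char
        try {
            for (char[] p : parts)
                if (StandardCharsets.UTF_8.newEncoder()
                        .encode(CharBuffer.wrap(p), out, true).isError())
                    throw new IllegalArgumentException("input is not valid UTF-16");
            data = Arrays.copyOf(out.array(), out.position());
        } finally {
            Arrays.fill(out.array(), (byte) 0);          // wipe the scratch buffer
        }
    }

    // Feed the secret to a digest without handing out a copy of the bytes.
    void update(MessageDigest md) {
        if (destroyed) throw new IllegalStateException("destroyed");
        md.update(data);
    }

    @Override public void destroy() { Arrays.fill(data, (byte) 0); destroyed = true; }
    @Override public boolean isDestroyed() { return destroyed; }

    public static void main(String[] args) throws Exception {
        char[] user = {'a', 'l', 'i', 'c', 'e'};         // constructed sample values
        char[] pass = {'s', '3', 'c', 'r', 'e', 't'};
        SecureData joined = new SecureData(user, new char[] {' '}, pass);
        Arrays.fill(pass, '\0');                         // caller wipes its own copy
        MessageDigest md = MessageDigest.getInstance("MD5");
        joined.update(md);
        System.out.println("digest bytes: " + md.digest().length);
        joined.destroy();                                // later update() calls now throw
    }
}
// Password is then just the single-secret case of SecureData.
final class Password extends SecureData { Password(char[] pw) { super(pw); } }
```

The object stays immutable for its whole life and offers only `destroy()` as a state change, which is the "immutable, but destroyable" contract quoted in the message; `MessageDigest` here only stands in for whatever a mechanism does with the bytes.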