Re: [GNU Crypto] Passwords Immutable?

[Casey Marshall]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Bryan" == Bryan Hoover <address@hidden> writes:

Bryan> Casey Marshall wrote:
>>  There really isn't much sense is worrying about PLAIN. Probably
>> the best thing to do is use CharEncoder or OutputStreamWriter and
>> ByteArrayOutputStream.

Bryan> Ignoring PLAIN is reasonable (though a wee bit discriminatory
Bryan> :)).  But there's the MD5 mechanism too.

Bryan> My thinking is that any data structure that a shared secret
Bryan> goes into, ought to be a decendant of DestroyableObject.  In
Bryan> this light, that concatenated user info/password ought to go to
Bryan> Password construction together.

Bryan> However, since Password then becomes somewhat of a misnomer
Bryan> (which may or may not be "overthinking" depending on
Bryan> perspective), I was thinking I'd just refactor the
Bryan> DestroyableObject/Password hierarchy, to include a, say,
Bryan> "SecureData" class or some such -- the hierarchy would go
Bryan> DestroyableObject--> SecureData-->Password, with the MD5
Bryan> mechanism DestroyableObject data stored in a SecureData object.

I like the idea of having a byte-oriented class underlying Password
(which then just adds char support). `SecureData' might be a misnomer
too, however ;) I mean, we don't want to imply that storing data into
this class secures it in any meaningful way. `SensitiveData' might be
a better name.

- -- 
Casey Marshall || address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>

iD8DBQFAmC/GgAuWMgRGsWsRAsU/AKCNsNsK50r7K7+E1/X6plC5kaOhCgCeMn3s
whs/PhXVCMiX78TSSmXIbwk=
=k/ow
-----END PGP SIGNATURE-----