[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU Crypto] Passwords Immutable?
From: |
Casey Marshall |
Subject: |
Re: [GNU Crypto] Passwords Immutable? |
Date: |
Tue, 04 May 2004 17:05:30 -0700 |
User-agent: |
Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Bryan" == Bryan Hoover <address@hidden> writes:
Bryan> Casey Marshall wrote:
>> There really isn't much sense is worrying about PLAIN. Probably
>> the best thing to do is use CharEncoder or OutputStreamWriter and
>> ByteArrayOutputStream.
Bryan> Ignoring PLAIN is reasonable (though a wee bit discriminatory
Bryan> :)). But there's the MD5 mechanism too.
Bryan> My thinking is that any data structure that a shared secret
Bryan> goes into, ought to be a decendant of DestroyableObject. In
Bryan> this light, that concatenated user info/password ought to go to
Bryan> Password construction together.
Bryan> However, since Password then becomes somewhat of a misnomer
Bryan> (which may or may not be "overthinking" depending on
Bryan> perspective), I was thinking I'd just refactor the
Bryan> DestroyableObject/Password hierarchy, to include a, say,
Bryan> "SecureData" class or some such -- the hierarchy would go
Bryan> DestroyableObject--> SecureData-->Password, with the MD5
Bryan> mechanism DestroyableObject data stored in a SecureData object.
I like the idea of having a byte-oriented class underlying Password
(which then just adds char support). `SecureData' might be a misnomer
too, however ;) I mean, we don't want to imply that storing data into
this class secures it in any meaningful way. `SensitiveData' might be
a better name.
- --
Casey Marshall || address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>
iD8DBQFAmC/GgAuWMgRGsWsRAsU/AKCNsNsK50r7K7+E1/X6plC5kaOhCgCeMn3s
whs/PhXVCMiX78TSSmXIbwk=
=k/ow
-----END PGP SIGNATURE-----
- Re: [GNU Crypto] Passwords Immutable?, (continued)
- Re: [GNU Crypto] Passwords Immutable?, Bryan Hoover, 2004/05/03
- Re: [GNU Crypto] Passwords Immutable?, Casey Marshall, 2004/05/03
- Re: [GNU Crypto] Passwords Immutable?, Bryan Hoover, 2004/05/04
- Re: [GNU Crypto] Passwords Immutable?,
Casey Marshall <=
- Re: [GNU Crypto] Passwords Immutable?, Bryan Hoover, 2004/05/09
- Re: [GNU Crypto] Passwords Immutable?, Casey Marshall, 2004/05/09
- Re: [GNU Crypto] Passwords Immutable?, Bryan Hoover, 2004/05/09