> > > is not particularly secure and I would prefer to have a more robust
> > > solution (say with encrypted passwords ;-) ) but it works for now.
> > >
> > <sarcasm>
> > Why not via SRP ?
> > </sarcasm>
> >
> > sorry, could not resist
>
> Interesting, how would this fit into Geronimo to provide the
> general JAAS login mechanisms to obtain subjects?
>
You are asking seriously? http://srp.stanford.edu/

Then in all aspects. There are many LoginModules available with SRP. But, unfortunately, it is useless. Because secure passwords simply do not exist: http://fiatlux.zeitform.info/en/instructions/passwords.html

Theoretically, and from an academic point of view, and only there: it provides security to a secure token (the password) on the wire - but nowhere else. Nobody, nobody will try to exploit your delivery of PASSWORDS on the wire. As we all know, there are more cost- and budget-sparing threats to steal passwords.

The main debility is the mixup of authentication and authorization in conjunction with the possibility of duplication. So you may not only have more than one identity, you will exist more than once ... Especially if you want to preserve the anonymity of a user you are lost: Guest, anonymous etc. etc., which you cannot track if you do not have at least a two-factor authentication.

You need five points so as not to make the non-existing security of passwords worth even less:

1. Don't tell anyone your password.
2. Don't write your password down anywhere.
3. When you decide on a password, make sure it can't be guessed.
4. If you think there's even a chance someone else might know your password, change it.
5. Make sure no one is standing near you when you enter your password.

In the point of real security: passwords do not have a security aspect. These points all depend exclusively on human interaction. The algorithm has zero chance.

So the SRP implementations are a marketecture thingy, even worse because they are a feint of security. But nice to implement :-)

bax

Refs:
http://insight.zdnet.co.uk/internet/security/0,39020457,2120474,00.htm
http://www.channelminds.com/article.php3?id_article=941

> Regards,
> Alan
>
