Re: How do I decrypt passwords?

Fri, 02 Feb 2007 12:28:58 -0800
Checkout the security.properties file. This and other such gems are also referred to in the " Apache OFBiz Technical Production Setup Guide": 

http://docs.ofbiz.org/x/j

-David


On Feb 2, 2007, at 3:54 AM, Chandresh Turakhia wrote:


Give a day ; It will try to check the code line by line again. And  
map the code with new library with plus and minus.



1 line answer : Configurability. Currently we have smartly create 1  
smart method which does 1 way encryption. But note it is same  
algorithm and some like me hacked it :)


We can generalise and use more configurable.

Chand


----- Original Message -----
From: "Andrew Sykes" <[EMAIL PROTECTED]>
To: <dev@ofbiz.apache.org>
Sent: Friday, February 02, 2007 2:11 AM
Subject: Re: How do I decrypt passwords?



Chand,


Why is this better than what we have, what problems does it  
address that

you have found in OfBiz?

- Andrew


On Thu, 2007-02-01 at 22:26 -0800, Chandresh Turakhia wrote:

Team,

Is it worth looking at

http://www.jasypt.org/faq.html


Jasypt (Java Simplified Encryption) has released version 1.0.  
Jasypt allows
the developer to add basic encryption capabilities to his/her  
projects with

minimum effort, and without the need of having deep knowledge on how
cryptography works.

Feature Overview:
* It follows the RSA standards for Password-Based Cryptography.
* It is completely thread-safe.

* Can be both used in an "easy" way, with almost no difficulty,  
or in a

highly-configurable, power-user way.

* It provides comprehensive guides and javadoc documentation, to  
allow
developers to better understand what they are really doing to  
their data.

* It provides a Hibernate integration add-on (jasypt-hibernate) for

persisting fields of your mapped entities in an encrypted manner.  
Encryption

of fields is defined in the Hibernate mapping files, and it remains

transparent for the rest of the application (useful for sensitive  
personal

data, databases with many read-enabled users...)
* It can be perfectly integrated into a Spring application. All the
digesters and encryptors in jasypt are designed to be easily used

(instantiated, dependency-injected...) from an IoC container like  
Spring.
And, because of it being thread-safe, they can be used without  
worries in a

singleton-oriented environment like Spring.
* It allows a very high lever of configurability: The developer can

implement tricks like instructing an "encryptor" to ask a, for  
example,

remote HTTPS server for the password to be used for encryption.

----- Original Message -----
From: "Chandresh Turakhia" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <dev@ofbiz.apache.org>;
<[EMAIL PROTECTED]>
Sent: Thursday, January 25, 2007 3:03 AM
Subject: Re: How do I decrypt passwords?


Andrew & Drew,

 May I bring to light an different aspect of password generation :


        It generates the **same**  "encrypted password" every  
time. e.g
"test" may generate "XYXQ1111" . for the next test as password it  
will also

generate "XYXQ1111".


        I needed to stop user from registering with standard  
passwords like
"test" ; "test123" ; "bharti" etc.  All I had to do is run  the  
program
which checks for these "standard generated passwords"  and check  
with
"generated user entered password" in batch or online. It case  
string matches
, stop him from completing the process.  I admit it was really  
dirty hack.



        This is debatable issues - It is feature or bug :)     
Ofbiz being

Open source ; it has far more implication.


         Can password generation be parameterized so the  
generated password

is different.

Chand


----- Original Message -----
From: "Andrew Sykes" <[EMAIL PROTECTED]>
To: <dev@ofbiz.apache.org>
Sent: Wednesday, January 24, 2007 8:08 AM
Subject: Re: How do I decrypt passwords?



Drew,

I believe the encryption is asynchronous, i.e. not reversible.

- Andrew

On Wed, 2007-01-24 at 10:33 -0500, Stephens, Drew wrote:

I have a question about decrypting passwords from the  
User_Login table.

We need to prepare a file of User ID and passwords to an external

system, I think I have found the programming used to encrypt  
and save
the password to the database but I could find not any logic to  
decrypt

the password.  Obviously, if we can't decrypt we can't provide the

password.  I don't want to reverse engineer the encryption  
logic and
then write a new decryption logic; I want to use something that  
already

exists.


We are running an old version of OFBIZ, I think 1.1 but I don't  
remember

exactly how to find out for sure.

Thanks for any help you can provide.


Drew Stephens
Rippe & Kingston Systems, Inc.
[EMAIL PROTECTED]
Phone: (513) 977-4573

Visit us at: www.rippe.com

1077 Celestial Street, Cincinnati, Ohio 45202-1696


================================================================== 
======

=======



--
Kind Regards
Andrew Sykes <[EMAIL PROTECTED]>
Sykes Development Ltd
http://www.sykesdevelopment.com






--
Kind Regards
Andrew Sykes <[EMAIL PROTECTED]>
Sykes Development Ltd
http://www.sykesdevelopment.com






Attachment:
smime.p7s

Description: S/MIME cryptographic signature














    











					Reply via email to