So it seems, Jetspeed password can't be recovered.
Is that true?
Bhaskar
On 8/21/08, Ate Douma <[EMAIL PROTECTED]> wrote:
>
> Bhaskar Roy wrote:
>
>> Hi Ate,
>>
>> Thanks for your reply. I am trying to decode the passwords, which are set
>> by
>> Jetspeed. I thought PBEPasswordTool can do that, if not, how I can recover
>> passwords.
>>
> As I described before, you can only recover passwords which were encoded by
> the PBEPasswordTool itself, e.g. by leveraging and configuring the
> PBEPasswordService (which extends PBEPasswordTool) as
> CredentialPasswordEncoder for Jetspeed (defined in Spring assembly file
> security-spi-atn.xml).
>
> If you have used the default configured
> MessageDigestCredentialPasswordEncoder for encoding your passwords, there is
> no way to decode them anymore as MessageDigest encoding is a one-way only
> encoding algorithm.
>
> Regards,
>
> Ate
>
>
>> Thanks again!
>> Bhaskar
>>
>>
>> On 8/18/08, Ate Douma <[EMAIL PROTECTED]> wrote:
>>
>>> Hi Bhaskar,
>>>
>>> The PBEPasswordTool can only be used to decode a password for a specific
>>> user (name) under the following conditions:
>>>
>>> a) (trivial) the encoded password was created using PBEPasswordTool
>>> b) the same secrect key is used for initializing the PBEPasswordTool
>>> c) the same username is used for decoding as used for encoding
>>>
>>> So, the following should be true (see also TestPBEPasswordTool.java):
>>>
>>> PBEPasswordTool pbe = new PBEPasswordTool("xyz");
>>> assertEquals("Decoded password doesn't match original", "abc123",
>>> pbe.decode("user1", pbe.encode("user1","abc123")));
>>>
>>> Regards,
>>>
>>> Ate
>>>
>>> Bhaskar Roy wrote:
>>>
>>> any help???
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Bhaskar Roy <[EMAIL PROTECTED]>
>>>> Date: Aug 10, 2008 5:56 PM
>>>> Subject: org.apache.jetspeed.security.util.PBEPasswordTool Not working
>>>> To: Jetspeed Users List <[email protected]>
>>>>
>>>> Has anybody used this tool before?? I am trying to use this tool to
>>>> decrypt
>>>> password, but I am getting following error -
>>>>
>>>> Exception in thread "main"
>>>> org.apache.jetspeed.security.SecurityException:
>>>> Unexpected security error at PBEPasswordTool from decode: Input length
>>>> must
>>>> be multiple of 8 when decrypting with padded cipher
>>>> at
>>>>
>>>>
>>>> org.apache.jetspeed.security.util.PBEPasswordTool.decode(PBEPasswordTool.java:93)
>>>> at
>>>>
>>>>
>>>> org.apache.jetspeed.security.util.PBEPasswordTool.main(PBEPasswordTool.java:132)
>>>> Caused by: javax.crypto.IllegalBlockSizeException: Input length must be
>>>> multiple of 8 when decrypting with padded cipher
>>>> at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
>>>> at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
>>>> at com.sun.crypto.provider.SunJCE_ae.b(DashoA12275)
>>>> at
>>>>
>>>> com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineDoFinal(DashoA12275)
>>>> at javax.crypto.Cipher.doFinal(DashoA12275)
>>>> at
>>>>
>>>>
>>>> org.apache.jetspeed.security.util.PBEPasswordTool.decode(PBEPasswordTool.java:89)
>>>> ... 1 more
>>>>
>>>> Thanks in advance!
>>>> Bhaskar
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
