Martin,

All encryption systems need a way to boot themselves. This either means you store the password somewhere so the program can boot itself, or you need user intervention, such as typing in the password (or inserting a dongle or other security hardware device).

Once the system has booted itself, then it can store things safely using encryption. A hash value is simply a transformation of one string into another, so whether the program that retrieves the password retrieves the real password or its hash, there is no added security; the hash has simply become the password (after all, you cannot go from the hash to the password value, at least not easily with a good hash, as that's its main reason for being).

Hashed passwords are very useful if you have others who will be entering the password in, since you can then store only hashes, and when you need to verify the password entered, you create a hash of the entered password and then compare it to the stored hashed value.

This isn't the case for applications that need to bootstrap themselves. You really either need to require manual intervention to start it (and enter the password), or it will be stored in the clear somewhere.

David


Martin Dubuc wrote:
Chris,

I am not sure I buy your argument that because there is somewhere else
in an implementation that is as insecure as cleartext password, then
there is no point in fixing the cleartext password issue. With this
argument, we would never care about fixing any security holes, because
one can always find a new security hole to exploit. Plus, well, the
assumption that someone is using a password-less key with Apache
running with SSL is pretty weak, because there are ways to avoid using
password-less key.

As far as the UNIX password analogy, Tomcat may be seen as a user, not
UNIX, but it still performs authentication. So in my mind, it is
filling in for both roles (UNIX and user). I have the impression that
using MD5/SHA hashing would be a good option, because it would be
simple, would not require any additional key, would provide some sense
of security. Not the silver lining, but better than cleartext, for
sure.

Martin


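The distinction David draws above (a stored hash protects a password that a human will type, but does nothing for a credential the application reads from disk to bootstrap itself) can be shown in a few lines. The following is an added example, not code from the original thread or from Tomcat; the `Backend` class, the config dictionaries and the sample secret are constructed for illustration and the digest parameters are arbitrary choices.

```python
import hashlib
import hmac
import os

# ---------------------------------------------------------------------------
# Case 1: a human enters the password. The server stores only a salted hash
# and recomputes it on every login attempt. (PBKDF2-HMAC-SHA256 is used as a
# stand-in for whatever digest a realm is configured with; this is an added
# example, not a realm implementation.)
# ---------------------------------------------------------------------------
PBKDF2_ROUNDS = 100_000  # assumed work factor for the example


def make_user_record(password: str) -> dict:
    """Return what the server persists for a user: salt + PBKDF2 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


def verify_user_password(record: dict, attempt: str) -> bool:
    """Hash the typed attempt and compare it to the stored digest."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["digest"])


# ---------------------------------------------------------------------------
# Case 2: the application must start unattended and authenticate *itself*
# (for instance to open a keystore or a database connection). Whatever it
# reads from its config file is, by definition, sufficient to authenticate,
# so an attacker who can read that file holds the same credential.
# ---------------------------------------------------------------------------
class Backend:
    """Hypothetical service the application logs in to at startup."""

    def __init__(self, expected: bytes):
        self._expected = expected

    def login(self, credential: bytes) -> bool:
        return hmac.compare_digest(credential, self._expected)


def app_bootstrap(config: dict, backend: Backend) -> bool:
    """The app reads the credential from its config and presents it; no human involved."""
    return backend.login(config["credential"])


def attacker_reads_config(config: dict, backend: Backend) -> bool:
    """Anyone who can read the config file presents exactly the same bytes."""
    return backend.login(config["credential"])


def demo() -> dict:
    """Compare a cleartext credential with a 'hashed' one in the bootstrap case."""
    secret = b"changeit"  # constructed sample secret

    # Cleartext variant: config holds the secret, backend expects the secret.
    backend_plain = Backend(secret)
    cfg_plain = {"credential": secret}

    # "Hashed" variant: config holds sha256(secret). For the app to still boot,
    # the backend must accept that digest, so the digest *is* the password now.
    digest = hashlib.sha256(secret).digest()
    backend_hashed = Backend(digest)
    cfg_hashed = {"credential": digest}

    return {
        "app_boots_plain": app_bootstrap(cfg_plain, backend_plain),
        "thief_plain": attacker_reads_config(cfg_plain, backend_plain),
        "app_boots_hashed": app_bootstrap(cfg_hashed, backend_hashed),
        "thief_hashed": attacker_reads_config(cfg_hashed, backend_hashed),
    }
```

In case 1 a stolen record is not a usable login: feeding the stored digest back in as the "password" fails, because the server hashes whatever is typed before comparing. In case 2 every entry in `demo()` comes back `True`: the application boots in both variants, and so does anyone who copied the file, which is the sense in which hashing a self-bootstrap credential is no improvement over cleartext.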

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org