Korbinian Bachl wrote: > > This is nothing about wicket - its about base security. MD5 is a > hash-algorithm (see: http://en.wikipedia.org/wiki/Md5) which is no more > secure (flaw found 1996) as there are tables to reverse given md5 (from > 2003 on) to a valid input >
thank you for your answers. I know that MD5 isn't much secure, but it doesn't matter (I just want to obfuscate them, to prevent an admin to get a clear password from his admin console). But I agree, SHA may be better... I guessed there was a wicket way to 1) crypt some data before sending them out of the client's browser (so it doesn't travel in clear) 2) compare it on the server side with the required hashed password. I know how to write the crypto algorithm... I just don't know the best way to integrate it into wicket. However, I saw some interface on Wicket (like ICrypt) and guessed there is a way to use it well... Thank you for your interest ;) -- View this message in context: http://www.nabble.com/How-to-secure-passwords--tf4936916.html#a14132134 Sent from the Wicket - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
