org.silverpeas.authentication.encryption
Class UnixMD5Encryption

java.lang.Object
  org.silverpeas.authentication.encryption.UnixMD5Encryption

All Implemented Interfaces:

PasswordEncryption

public class UnixMD5Encryption
extends Object
implements PasswordEncryption

A variation of the MD5 algorithm (Message Digest 5) as used in modern Unix systems for hashing the passwords.

This version uses salting to perturb the algorithm in different ways, and hence to be less vulnerable to attacks.

Since the discovery of the vulnerability of the MD5 algorithm, it is now replaced in the current Unix systems by one of the SHA-2 algorithm (SHA-256 or SHA-512). OpenBSD, an operating system notorious for being "obsessed with security", uses as its default password authentication mechanism the bcrypt cryptographic algorithm (a modified version of Blowfish).

This class implements the popular MD5Crypt function as used by BSD and most modern Un*x systems. It was basically converted from the C code write by Poul-Henning Kamp.

Field Summary

Fields inherited from interface org.silverpeas.authentication.encryption.PasswordEncryption

BAD_PASSWORD_MESSAGE

Constructor Summary

UnixMD5Encryption()

Method Summary

void	check(String password, String digest) Checks the specified password matches the specified digest.
boolean	doUnderstandDigest(String digest) Does this encryption understand the specified digest?
String	encrypt(String password) Encrypts the specified password by using a random salt (or no salt for some weakness algorithms).
String	encrypt(String password, byte[] salt) Encrypts the specified password by using the specified salt.
byte[]	getSaltUsedInDigest(String digest) Gets the salt that was used to compute the specified digest.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UnixMD5Encryption

public UnixMD5Encryption()

Method Detail

encrypt

public String encrypt(String password)

Encrypts the specified password by using a random salt (or no salt for some weakness algorithms).

Specified by:

encrypt in interface PasswordEncryption

Parameters:

password - the password to encrypt.

Returns:

a digest of the password.

encrypt

public String encrypt(String password,
                      byte[] salt)

Encrypts the specified password by using the specified salt. If the salt is null or empty, then a random salt is computed.

Specified by:

encrypt in interface PasswordEncryption

Parameters:

password - the password to encrypt.

salt - the salt to use to generate more entropy in the encryption of the password.

Returns:

a digest of the password.

check

public void check(String password,
                  String digest)
           throws AssertionError

Checks the specified password matches the specified digest.

Specified by:

check in interface PasswordEncryption

Parameters:

password - an unencrypted password.

digest - a digest of a password with which the specified password has to be matched.

Throws:

AssertionError - if the digest wasn't computed from the specified password.

getSaltUsedInDigest

public byte[] getSaltUsedInDigest(String digest)

Gets the salt that was used to compute the specified digest.

According to the cryptographic algorithm that computed the digest, the salt used in the encryption can be retrieved from the digest itself. In the case the salt cannot be determine, an empty one is then returned.

Specified by:

getSaltUsedInDigest in interface PasswordEncryption

Parameters:

digest - the digest from which the salt has to be get.

Returns:

the salt or nothing (an empty salt) if it cannot be get from the digest.

doUnderstandDigest

public boolean doUnderstandDigest(String digest)

Does this encryption understand the specified digest? An encryption understands usually the digest it has itself generated. This method is for knowing the encryption that has computed a given digest.

Specified by:

doUnderstandDigest in interface PasswordEncryption

Parameters:

digest - the digest to analyse.

Returns:

true if the specified digest was computed by this encryption, false if it doesn't understand it (either the encryption hasn't generated the digest or it cannot analyse it).