Change in the default digest algorithm in FileRealms (GF 3.1)
By nitkal on Jan 27, 2011
In GlassFish 3,1, the digest algorithm for storing file users in the keyfiles for the FileRealm based realms has been changed to SHA-256 from the previous SHA-1. This includes the default realm - file and the admin-realm. The change can be observed in respective keyfiles - keyfile and admin-keyfile - The SSHA256 tag and a longer digest than the earlier SSHA tag (representing SHA-1 algorithm).
Keyfile and admin-keyfile in GlassFish 3.1
Keyfile and admin-keyfile prior to GlassFish 3.1
Support is provided for users created in versions of GlassFish prior to GlassFish 3.1 and upgraded to the latest 3.1. The decoding mechanism interprets the algorithm to be used for decoding the digest. However while creating new users in the latest version (3.1), only SHA-256 is employed. This change has been effected since SHA-256 is known to provide better security than SHA-1. To the end-user, there is no difference in the usage of file user passwords.