Thursday Jan 27, 2011

Change in the default digest algorithm in FileRealms (GF 3.1)

In GlassFish 3.1, the digest algorithm used to store file users in the keyfiles of FileRealm-based realms has changed from SHA-1 to SHA-256. This includes the default realm (file) and the admin-realm. The change is visible in the respective keyfiles, keyfile and admin-keyfile: entries now carry the SSHA256 tag and a longer digest, where earlier versions used the SSHA tag (representing the SHA-1 algorithm).

Keyfile and admin-keyfile in GlassFish 3.1

test;{SSHA256}RsvY2gBprLirxbEgUklqKGWiH31uDnMgyL54eGGgNs48PpYVUkILtg==;

admin;{SSHA256}yRrrmQ0GxF6U8lp0A8EZvphpdC5dsVPMdreZDh3tOsFVMMk57tVz4w==;asadmin

Keyfile and admin-keyfile prior to GlassFish 3.1

test;{SSHA}jTFkVn/hPKjzsI1WsdlihHCL+5rh6++KTEqfYg==;

admin;{SSHA}d18x+nm1GkaoXQpT3NiecZaBwZSrGm50disn0A==;asadmin

Users created in versions of GlassFish prior to 3.1 and then upgraded to 3.1 remain supported: the decoding mechanism determines which algorithm to use for each stored digest. When new users are created in 3.1, however, only SHA-256 is employed. This change was made because SHA-256 is known to provide better security than SHA-1. For the end user, there is no difference in how file user passwords are used.
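After an upgrade, a keyfile can hold both kinds of entry, so it is worth listing which users are still stored under the SHA-1 tag. The script below is an added example, not GlassFish code: it parses the `user;{TAG}base64;groups` lines shown above and checks that each payload is at least as long as its digest. The function names are hypothetical, and treating the bytes beyond the digest as the salt is an assumption.

```python
import base64
import re

# Digest sizes (bytes) for the two tags shown in the post.
DIGEST_LEN = {"SSHA": 20, "SSHA256": 32}
ALGORITHM = {"SSHA": "SHA-1", "SSHA256": "SHA-256"}
SECRET = re.compile(r"\{([A-Z0-9]+)\}(.+)")

# Constructed mixed keyfile for an upgraded domain, built from the post's
# sample lines: "test" still has its pre-3.1 entry, "admin" has a 3.1 entry.
SAMPLE = (
    "test;{SSHA}jTFkVn/hPKjzsI1WsdlihHCL+5rh6++KTEqfYg==;\n"
    "admin;{SSHA256}yRrrmQ0GxF6U8lp0A8EZvphpdC5dsVPMdreZDh3tOsFVMMk57tVz4w==;asadmin\n"
)


def parse_entry(line):
    """Split one 'user;{TAG}base64;groups' line and sanity-check its size."""
    user, secret, groups = line.strip().split(";", 2)
    m = SECRET.fullmatch(secret)
    if m is None or m.group(1) not in DIGEST_LEN:
        raise ValueError(f"unrecognised digest tag for user {user!r}")
    tag = m.group(1)
    raw = base64.b64decode(m.group(2), validate=True)
    extra = len(raw) - DIGEST_LEN[tag]
    if extra < 0:
        raise ValueError(f"payload too short for {tag} (user {user!r})")
    return {
        "user": user,
        "tag": tag,
        "algorithm": ALGORITHM[tag],
        "extra_bytes": extra,  # bytes beyond the digest, assumed to be the salt
        "groups": [g for g in groups.split(",") if g],
    }


def legacy_users(keyfile_text):
    """Return users whose stored digest still uses the SHA-1 (SSHA) tag."""
    entries = (parse_entry(l) for l in keyfile_text.splitlines() if l.strip())
    return [e["user"] for e in entries if e["tag"] == "SSHA"]


if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_entry(line))
    print("still on SHA-1:", legacy_users(SAMPLE))
```

Because new users in 3.1 are always written with SHA-256, the users this reports are the ones whose entries predate the upgrade.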

About

nitkal
