[GitHub] [tomcat] MilovdZee commented on a change in pull request #336: fix SSHA by implementing SSHAv2

Fri, 07 Aug 2020 09:08:44 -0700 


MilovdZee commented on a change in pull request #336:
URL: https://github.com/apache/tomcat/pull/336#discussion_r467133771



##########
File path: java/org/apache/catalina/realm/MessageDigestCredentialHandler.java
##########
@@ -32,16 +32,13 @@
 /**
  * This credential handler supports the following forms of stored passwords:
  * <ul>
- * <li><b>encodedCredential</b> - a hex encoded digest of the password digested
- *     using the configured digest</li>
- * <li><b>{MD5}encodedCredential</b> - a Base64 encoded MD5 digest of the
- *     password</li>
- * <li><b>{SHA}encodedCredential</b> - a Base64 encoded SHA1 digest of the
- *     password</li>
- * <li><b>{SSHA}encodedCredential</b> - 20 character salt followed by the 
salted
- *     SHA1 digest Base64 encoded</li>
- * <li><b>salt$iterationCount$encodedCredential</b> - a hex encoded salt,
- *     iteration code and a hex encoded credential, each separated by $</li>
+ * <li><b>encodedCredential</b> - a hex encoded digest of the password 
digested using the configured digest</li>
+ * <li><b>{MD5}encodedCredential</b> - a Base64 encoded MD5 digest of the 
password</li>
+ * <li><b>{SHA}encodedCredential</b> - a Base64 encoded SHA1 digest of the 
password</li>
+ * <li><b>{SSHA}encodedCredential</b> - 20 character SHA1 digest Base64 
encoded followed by salt</li>
+ * <li><b>{SSHA2}encodedCredential</b> - 20 character salt followed by the 
salted digest Base64 encoded</li>

Review comment:
       Fixed. I started by using SSHA2 but that suggested that it used SHA-2 
what is not the case. It could use SHA-2 but it could just as well use SHA-512.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to