>>>>> "Bryan" == Bryan Hoover <bhoover@xxxxxxxx> writes:

Bryan> Casey Marshall wrote:

>> - It's our convention to not use redundant modifiers and
>> declarations; this includes `throws' clauses for unchecked
>> exceptions (although, they should be described in a `@throws' entry
>> in the javadocs, if it is a public or protected method).

Bryan> Also noticed 'final' was removed from Password method "input
Bryan> only" parameters -- this seems incongruent with the style
Bryan> guidelines -- was intentional?

Nope. I removed them by mistake, shuffling files around.

>> - I put Password into the package gnu.crypto.auth. I'm certain that
>> this class will be useful in other places. The next thing to do is
>> replace char arrays with Password wherever else appropriate.

Bryan> There's a little "gotcha" relative to PlainClient, the plain
Bryan> text password implementation. Most of the work is done in
Bryan> EvaluateChallenge (id, and password init, as well as
Bryan> evaluation). All user data is appended to a single
Bryan> StringBuffer, converted to String, and returned as a utf-8 byte
Bryan> array using String's getBytes.

Bryan> Couple things come to mind -- rework, and generalize the
Bryan> Password class idea, to something along the lines of a
Bryan> "SecureData" class, and add an append method to it. Or could
Bryan> just add an append method to the Password class. Only
Bryan> difference between the two really, is metaphorical.

`append' would break the contract of immutability, and I think making
them immutable, but destroyable, is best.

Bryan> Could handwave, with the observation that plain text ain't any
Bryan> too secure anyway :), but CramMD5Client does something similar
Bryan> with String data, where again, an append method would take care
Bryan> of it.

There really isn't much sense in worrying about PLAIN. Probably the
best thing to do is use CharEncoder or OutputStreamWriter and
ByteArrayOutputStream.

-- Casey Marshall || csm@xxxxxxx
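
The following is an added example, not code from this thread or from GNU Crypto: one way to build a PLAIN response from char arrays without an intermediate StringBuffer or String, using `java.nio.charset.CharsetEncoder` and wiping the scratch buffer afterwards. The class and method names are hypothetical, and the NUL-separated field layout is assumed from SASL PLAIN (RFC 4616).

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.CoderResult;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration; names are hypothetical, not GNU Crypto API.
public final class PlainResponseExample {

    // Returns authzid NUL authcid NUL password as UTF-8 (layout assumed from RFC 4616).
    // The caller owns the result and must zero it after sending.
    static byte[] build(char[] authzid, char[] authcid, char[] password)
            throws CharacterCodingException {
        CharsetEncoder enc = StandardCharsets.UTF_8.newEncoder();
        // Worst-case size, so the encoder never has to grow (and abandon) a buffer.
        int max = (int) Math.ceil(enc.maxBytesPerChar()
                * (authzid.length + authcid.length + password.length)) + 2;
        byte[] scratch = new byte[max];
        ByteBuffer out = ByteBuffer.wrap(scratch);
        try {
            char[][] fields = { authzid, authcid, password };
            for (int i = 0; i < fields.length; i++) {
                if (i > 0) out.put((byte) 0);          // NUL separator
                enc.reset();
                CoderResult r = enc.encode(CharBuffer.wrap(fields[i]), out, true);
                if (r.isError()) r.throwException();   // e.g. unpaired surrogate
                enc.flush(out);
            }
            return Arrays.copyOf(scratch, out.position());
        } finally {
            Arrays.fill(scratch, (byte) 0);            // wipe the oversized work buffer
        }
    }

    public static void main(String[] args) throws Exception {
        char[] id = { 'a', 'l', 'i', 'c', 'e' };            // constructed sample values
        char[] pw = { 's', '3', 'c', 'r', '\u00e9', 't' };
        byte[] resp = build(new char[0], id, pw);
        try {
            System.out.println("response length: " + resp.length);
        } finally {
            Arrays.fill(resp, (byte) 0);                    // destroy after use
            Arrays.fill(pw, '\0');
        }
    }
}
```

Encoding straight into a caller-sized array is used here instead of OutputStreamWriter over ByteArrayOutputStream because those classes keep internal buffers that the caller cannot zero.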