| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Casey Marshall wrote: > `append' would break the contract of immutability, and I think making > them immutable, but destroyable, is best. Yeah, your right. Bad idea. > Bryan> Could handwave, with the observation that plain text ain't any > Bryan> too secure anyway :), but CramMD5Client does something similar > Bryan> with String data, where again, an append method would take care > Bryan> of it. > > There really isn't much sense is worrying about PLAIN. Probably the > best thing to do is use CharEncoder or OutputStreamWriter and > ByteArrayOutputStream. Ignoring PLAIN is reasonable (though a wee bit discriminatory :)). But there's the MD5 mechanism too. My thinking is that any data structure that a shared secret goes into, ought to be a decendant of DestroyableObject. In this light, that concatenated user info/password ought to go to Password construction together. However, since Password then becomes somewhat of a misnomer (which may or may not be "overthinking" depending on perspective), I was thinking I'd just refactor the DestroyableObject/Password hierarchy, to include a, say, "SecureData" class or some such -- the hierarchy would go DestroyableObject-->SecureData-->Password, with the MD5 mechanism data stored in a SecureData object. The refactoring would be isolated relative to Password, and SecureData, and would not require any changes to existing Password data type patch proliferation. Bryan > > - -- > Casey Marshall || csm@xxxxxxx > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/> > > iD8DBQFAlw7tgAuWMgRGsWsRAkfmAKCHUVEku/35BoSZQLMRDKdbAXL5OwCdHUO3 > aZE15/By4Va4o1meRpjiBOg= > =jub9 > -----END PGP SIGNATURE----- - -- Were I to wish for anything I would not wish for wealth and power, but for the passion of the possible, that eye which everywhere, ever young, ever burning, sees posibility. - (Soren Kierkegaard - Either/Or) http://www.wecs.com/content.htm This signature file is generated by Pick-a-Tag ! Written by Jeroen van Vaarsel http://www.google.com/search?hl=en&ie=ISO-8859-1&q=pick-a-tag -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) - GPGrelay v0.94 iD8DBQFAmAVt8CguVNZ0FHARAqvkAKCDN5zeErIKjf5vhnvRuaOpNs9FKwCfVCZy ignu+XVRfTIUQJViav0YJtg= =+Vza -----END PGP SIGNATURE----- _______________________________________________ gnu-crypto-discuss mailing list gnu-crypto-discuss@xxxxxxx http://mail.nongnu.org/mailman/listinfo/gnu-crypto-discuss
[Home] [Gnu Classpath] [Linux Kernel] [Linux Cryptography] [Fedora] [Fedora Directory] [Red Hat Development] [Red Hat 9 Bible] [Fedora Bible] [Red Hat 9] [Network Security Reading]
|