How to decrypt the DIGEST authentication?

Java Mailing List Archive

http://www.junlu.com/

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

JSP - A mailing list about Java Server Pages specification and reference

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Subject: Servlet : Session invalidate
•	Oracle Connection Pooling in 3 2 2
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Subject: Running a Simple JMS Example
•	Tomcat and webapplication specific java library path
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	Value attribute of <html:checkbox
•	url string for connecting jboss to oracle
•	javax servlet ServletException: BeanUtils populate
•	5 0 18: Windows XP Pro vs Windows 2000
•	HTTP Status 404 The requested resource is not available

How to decrypt the DIGEST authentication?

How to decrypt the DIGEST authentication?

2007-11-05 - By Johnny Kewl

Back

Reply: 1 2 3 4 5 6 7 8 9 10

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
HARBOR: http://coolharbor.100free.com/index.htm
Now Tomcat is also a cool pojo application server
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --
-- -- Original Message -- --
From: "zhongliang zhang" <zhangzhongl@(protected)>
To: "Tomcat Users List" <users@(protected)>
Sent: Monday, November 05, 2007 5:28 AM
Subject: RE: [tomcat]How to decrypt the DIGEST authentication?

>
> Hi,
>
> It still does not work.
>
> Here is the trace:
>
> I create the SHA1 password from the command prompt:
>
> C:\tomcat>java org.apache.catalina.realm.RealmBase -a SHA1
> zhangzhongl:JDBCRealm
> :secret
> zhangzhongl:JDBCRealm:secret:0743d07d727aae8864569cbcefb9ae788150e8b9
>
> C:\tomcat>java org.apache.catalina.realm.RealmBase -a SHA
> zhangzhongl:JDBCRealm:
> secret
> zhangzhongl:JDBCRealm:secret:0743d07d727aae8864569cbcefb9ae788150e8b9
>
> So,I change the password of user "zhangzhongl" to
> "0743d07d727aae8864569cbcefb9ae788150e8b9",and add the digest attribute to
> JDBCRealm element which has a value of "SHA".

======================
Hi Zhang,
As Mark pointed out it can be done.
http://tomcat.apache.org/tomcat-6 (See http://cat-6.ora-code.com).0-doc/realm-howto.html#Digested%20Passwords

But they want you to make tha HASH like this

testUser:localhost:8080:testPassword

AND even though the Realm side is giving you a choice of HASH, I have a
feeling that TC probably uses MD5 on the Security constraint side
I dont know where
<auth-method>DIGEST</auth-method>
actually lets one choose the HASH so I think its MD5

So I THINK....
MD5(zhangzhongl:localhost:8080:thePassword)
will make the right hash... maybe ;)
ie you must make the HASH of all that stuff together, not just the password.
============================
>
> Start the cat,and enter the http://localhost:8080/,the dialog popup,and I
> enter zhangzhongl & secret as the username & password,which made me feel
> upset is I can not enter the welcome page.
>
> I do not know what is the reason,and I try to get some info from the
> logs,but no logs can provide some useful information for this.
>
> If possible,could you do me a favor to send me a simple sample application
> for test and get this problem solved?
>
> thank you so much!
>
> __ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ __
> Explore the seven wonders of the world
> http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBRE
>
> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)

©2008 junlu.com - Jax Systems, LLC, U.S.A.