Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure Java Apps on Linux using MD5 Crypt

Posted by ScuttleMonkey on from the handyman's-corner dept.

An anonymous reader writes "If you are a security developer and need to interface a Java application with the local operating system user registry, what do you do? IBMDeveloperWorks gives you the answer: 'UNIX/Linux PAM (Pluggable Authentication Module)-compatible systems that use authentication based on the GNU MD5 extensions to the crypt() system call. It will describe these extensions and show you a Java implementation of MD5 crypt (using FreeBSD as my UNIX).'"

2 of 25 comments (clear)

  1. MD5 bashers, RTFA please by MacroRex · · Score: 4, Informative

    The article is not promoting the use of MD5, but rather how external Java apps can directly authenticate against existing crypt() -based hashes.

    The original crypt() used DES, and GNU later improved it to use MD5. The fact that both of them are outdated and insecure by current standards is not relevant from TFA's point of view.

  2. Slow news day? by ChrisRijk · · Score: 3, Informative

    The article talks about accessing a particular OS function (local operating system user registry) which requires MD5s. Is that really so interesting that it needs to be posted here? Seems like a lot of people would assume the title suggests all security in Java is based on MD5.

    It's not.

    For example, if you're interested in using AES in Java, here's an article from 2003:
    http://java.sun.com/developer/technicalArticles/Se curity/AES/AES_v1.html