This post has been de-listed
It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.
So, one of the main code bases I work with is a massive java project that still uses RMI. It's got a client side, multiple server components and of course a database.
It has multiple methods of authenticating users; the two main being using our LDAP system with regular network credentials and another using an internal system.
The database stores an MD5 Hashed version of their password.
When users log in, the password is converted to an MD5 hash and put into an RMI object as a Sealed String (custom extension of SealedObject, with a salt) to be sent to the server (and unsealed) to compare with the stored MD5 hash in the database.
Does this extra sealing with a salt make sense when it's already an MD5 Hash? Seems like it's double encrypted for the network transfer.
(I may have some terminology wrong. Forgive me)
What do you recommend?
It's on a private air gapped network if it makes a difference
Subreddit
Post Details
- Posted
- 4 months ago
- Reddit URL
- View post on reddit.com
- External URL
- reddit.com/r/javahelp/co...
Yeah, this creating a MD5 hash with "MessageDigest.getInstance("MD5")" and then is using PBEWithMD5AndDES to seal it in a sealed object in particular to send the hash over RMI.