Are you referring to "glassfish/domains/domain1/config/admin-keyfile"?
If you look at the file, you can see the password is prefixed with
{SSHA}, that is the hash that was used to encrypt it. SHA is a one-way
hash algorithm, there is no way to get the plain text password back
again... and if you found a way, you could probably land a pretty good
job a security expert :)
Passwords are generally stored as hashes, since something like a
symmetric cipher (such as AES, DES) can be un-done with a known key, and
arguably less secure.
I would say that the file is secure since its using SHA.
Sarah kho wrote:
>
> hi
>
> thank you for reading my post
>
> can someone please let me know what ist he encryption key for the
> master-password file?
>
> how safe this file is?
>