users@glassfish.java.net

Re: What is the encryption key for master-password file?

From: Sarah kho <sarah.kho_at_gmail.com>
Date: Sat, 24 Jan 2009 10:51:50 +0330

Hi

Thank you for reply.

I am refering to glassfish\domains\domain1\master-password file which looks
to be completely encrypted and binay.

Thanks

On Sat, Jan 24, 2009 at 6:21 AM, Alex Sherwin
<alex.sherwin_at_acadiasoft.com>wrote:

> Are you referring to "glassfish/domains/domain1/config/admin-keyfile"?
>
> If you look at the file, you can see the password is prefixed with {SSHA},
> that is the hash that was used to encrypt it. SHA is a one-way hash
> algorithm, there is no way to get the plain text password back again... and
> if you found a way, you could probably land a pretty good job a security
> expert :)
>
> Passwords are generally stored as hashes, since something like a symmetric
> cipher (such as AES, DES) can be un-done with a known key, and arguably less
> secure.
>
> I would say that the file is secure since its using SHA.
>
>
> Sarah kho wrote:
>
>>
>> hi
>>
>> thank you for reading my post
>>
>> can someone please let me know what ist he encryption key for the
>> master-password file?
>>
>> how safe this file is?
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>