Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [dsdp-mtj-dev] RC4Engine issue
Hi Guys,

I've already committed a now solution for encrypting the passwords, it is very similar to the one before, but using Password-based encryption (PBE with MD5 and TripleDES) instead of BouncyCastle RC4. (https://bugs.eclipse.org/bugs/show_bug.cgi?id=232427). Please take a look at  org.eclipse.mtj.core.model.impl.MetaData class and send me your comments.

Hugo Raniere


Paula Gustavo-WGP010 wrote: 
Hi craig,

I think that it would be nice if we have like an "import from EclipseME"
menu on MTJ (I think that the original MTJ has something like that). In
this feature it would probably be impossible to convert the password if
two different signing mechanisms are used. But we can add some
documentation on the MTJ help or even add a text field on the import
dialog to enter the password again. 

Maybe we can have some external tool to do the project conversion too...
Personally I don't see a big problem with that, but I agree that I'm not
sure that is worth the effort. Besides that we would need to host and
maintain it separated from eclipse.

I just talked with hugo and he will probably commit the password
crypt/decrypt until the end of this week. 

:)
gep

-----Original Message-----
From: dsdp-mtj-dev-bounces@xxxxxxxxxxx
[mailto:dsdp-mtj-dev-bounces@xxxxxxxxxxx] On Behalf Of Craig Setera
Sent: segunda-feira, 5 de maio de 2008 18:41
To: Mobile Tools for The Java Platform mailing list
Subject: Re: [dsdp-mtj-dev] RC4Engine issue

See below...

On May 5, 2008, at 4:32 PM, Raniere Hugo-wha006 wrote:

  
Hi Craig,

I'll work to enable this feature again. Assuming that we don't want to
    
  
keep compatibility to EclipseME metadata, we don't need to mimic the 
same behavior we had with Bounce Castle, we can implement this feature
    
  
using any cipher available in JavaSE.

In fact, my first thought is to reuse the same encrypt/decrypt 
mechanism used by eclipse to save in system keyring. I'll evaluate if 
we can do that, and if not, I will take a look at other options to 
encrypt the password in project metadata file.
    
  
The bad side is that any migration wizard from eclipseME to MTJ 
projects that we can come with, will not be able to migrate the 
passwords, as we've removed BC and could not mimic its behavior.

    
That all depends on who writes/hosts the migration functionality.  If I
write it and host it, I can continue to use BouncyCastle to access the
original keystore and if you give me a good API on the MTJ side, I can
write it back out through you.  I'm not yet sure this is worth it,  
as it is not horribly difficult to require the password be reentered.   
I would suggest that the logic gracefully handle the situation for now
and we will go from there.
  
Craig
_______________________________________________
dsdp-mtj-dev mailing list
dsdp-mtj-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/dsdp-mtj-dev
_______________________________________________
dsdp-mtj-dev mailing list
dsdp-mtj-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/dsdp-mtj-dev

Back to the top