2. Password encryption

The passwords used for authentication so far has been stored in plain text. This might be a security issue so RIFE comes with support for three different encryption algorithms: MD5, SHA and OBF (obfuscated). It's as simple as passing the desired algorithm as the authentication element's password_encryption parameter, for example:

<property name="password_encryption">MD5</property>

When using encrypted passwords in the memory users file, the password needs to be prefixed by the algorithm, so that RIFE knows which one to use:

Example 11.3. Encrypted memory users

  <user login="guest">

  <user login="gbevin">

There is a small commandline tool that encrypts (and decrypts) passwords and produces strings with the right format that RIFE can understand. To try it out, run it like this:

java -classpath rife-{version}.jar com.uwyn.rife.tools.StringEncryptor 
        -e MD5:encrypt-this-password    

This generates an MD5 password, and using SHA: or OBF: as prefix uses the SHA and OBF algorithms instead.