Password encryption


Added by Steven Grimm, last edited by Steven Grimm on Jul 16, 2006

The passwords used for authentication so far have been stored in plain text. This might be a security issue, so RIFE comes with support for three different encryption algorithms: MD5, SHA, OBF (obfuscated) and WRP (Whirlpool). It's as simple as passing the desired algorithm as the authentication element's password_encryption parameter, for example:

<property name="password_encryption">MD5</property>

When using encrypted passwords in the memory users file, the password needs to be prefixed by the algorithm, so that RIFE knows which one to use:

Encrypted memory users
<credentials>
  <user login="guest">
    <password>SHA:duH5g2aTTgh6206iakXKII5qs0A=</password>
  </user>

  <user login="gbevin">
    <password>MD5:JJSy0mVyeMFG9f21yHQVyg==</password>
    <role>admin</role>
    <role>maint</role>
  </user>
</credentials>

There is a small command-line tool that encrypts (and decrypts) passwords and produces strings in the format that RIFE understands. To try it out, run it like this:

java -classpath rife-.jar com.uwyn.rife.tools.StringEncryptor -e MD5:encrypt-this-password

This generates an MD5 password; using SHA:, OBF: or WRP: as the prefix selects the SHA, OBF or WRP algorithm instead.
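An audit of a memory users file in the prefixed format shown above, as an added example that is not part of RIFE or of the original page: it reports which entries are hashed, which are only obfuscated, which are still plain text, and which have a value that does not fit the declared algorithm. It assumes the text after the prefix is the base64 of the raw digest and that SHA means SHA-1 (both inferred from the 16-byte and 20-byte sample values on this page); the function names and the alice, bob and carol entries are constructed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Expected raw digest sizes in bytes. "SHA" is taken to be SHA-1 (assumption,
# consistent with the 20-byte sample value on this page); Whirlpool is 512-bit.
DIGEST_LEN = {"MD5": 16, "SHA": 20, "WRP": 64}

# Constructed sample input: the page's two entries plus three made-up ones.
SAMPLE = """<credentials>
  <user login="guest"><password>SHA:duH5g2aTTgh6206iakXKII5qs0A=</password></user>
  <user login="gbevin"><password>MD5:JJSy0mVyeMFG9f21yHQVyg==</password></user>
  <user login="alice"><password>example-plaintext</password></user>
  <user login="bob"><password>OBF:constructed-value</password></user>
  <user login="carol"><password>SHA:JJSy0mVyeMFG9f21yHQVyg==</password></user>
</credentials>"""

def classify(stored):
    """Return (status, detail) for one <password> value."""
    prefix, sep, body = stored.partition(":")
    if not sep or (prefix not in DIGEST_LEN and prefix != "OBF"):
        return "plaintext", "no recognised algorithm prefix"
    if prefix == "OBF":
        # Obfuscation is treated as reversible, so it gets its own status.
        return "reversible", "obfuscated, not hashed"
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "malformed", "value is not valid base64"
    if len(raw) != DIGEST_LEN[prefix]:
        return "malformed", f"{len(raw)} bytes, expected {DIGEST_LEN[prefix]} for {prefix}"
    return "hashed", f"{prefix} digest"

def audit(xml_text):
    """Map each login in a memory users document to its classification."""
    root = ET.fromstring(xml_text)
    return {u.get("login"): classify(u.findtext("password", default="").strip())
            for u in root.iter("user")}

if __name__ == "__main__":
    for login, (status, detail) in audit(SAMPLE).items():
        print(f"{login:8} {status:10} {detail}")
```
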


