-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Konstantin,
On 7/29/19 08:36, Konstantin Kolinko wrote:
> чт, 25 июл. 2019 г. в 17:23, Support <supp...@xcaptor.com>:
>>
>> Hi Sir,
>>
>> I am using tomcat 9 for my application. For my admin page, I have
>> a username and password in conf/tomcat-user.xml. Using digest.sh,
>> I encrypted my password(sha-256).
>>
>> password: Password encrypted:
>> 5er5akakfkd556546adnfjbkklndkfgbjdb
>
> Even though everyone now knows your password,
Do we? Unless the password shown above is NOT hashed in any way, I
think we are out of luck. It is definitely NOT the output of any hash
function I know of.
> but nobody knows what you actually did (step-by-step), nor what
> exact version of Tomcat 9.0.xx you are using, nor how your Realm is
> configured.
>
> Your "encrypted" value does not look like a correct password
> digest, which has format "{salt}${iterations}${digest}"
+1
It's possible to get a non-iterated "digested" password from Tomcat
these days, but you have to try pretty hard.
The old digest capability Tomcat had for many years has been replaced
with a properly-salted, iterated hash algorithm.
If you are starting from scratch, you are better off using the default
which is now PBKDF2WithHmacSHA1. It's better than trying to determine
your own salt length and iteration count.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl0/U/IACgkQHPApP6U8
pFguKA//WwpjskdDqin8DkWuVq50sdIFeSdDLOIp364+KgoEOHkxjgtoqbc/IBIU
Iegcr0X272Cu/4F2RmPO9uVV2/ms+Za3PBa2amTVotIe6Lw4lv3xdK5qGGLKzhv5
aN1x1Q7VBueW4qstYDUcgpGs++Y/G1CHLVoofTbDytsGYt3KojsHFT6KkyHLzgbd
u1wCLa/zU3WbRbExmHKeiwTrB+emzlAzMirU+CWlyW49E9aTeyfASO0KPxGXRIgg
jCVNeG02y1MiKuJUwa2HaoP5ojUZxydQoYucSVBskzaqhHgjIjX2zikn5Z1EEpau
Cd8DABmxAjyBszgParJVP0EcxhZQeWDsJ2D3xkquEhUbVAL7IB0Fv7jEB+oJAXmK
X7DRvYjFsqPBP5MR7XF3FVZcmiF1Q6a1aqfL3xmuxSTSDIvEJr6YxCz6z/c8M3d7
CUzkwMQikcj9AZL3iArJDqbgLuXN+a546r3clwDl5W/22G1+d3KN1H2hIwhQBcXj
+fIJS2OJvVeIZrdlgYRqHxBqhvnhemzXm4gW3CloxYaq3kcNA40Y5S6f+rwlVIwn
6S2EKpkdXadEWDJFz9MXWADQIv9NRv5d78sqx6yyjkvDhwwC/bu69pxtPXHnmB0G
DO2/It69ELFTyAONXwRuO1gtoiV4kTiGYOmAXKsLTac0u34W7qs=
=rW/r
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
