[Q] password encryption

Bert Freudenberg bert at isg.cs.uni-magdeburg.de
Wed Jan 16 10:59:29 UTC 2002


On Tue, 15 Jan 2002, Joern Eyrich wrote:

> > On Sun, 13 Jan 2002, Gerald Leeb wrote:
> > 
> > > I'm searching for a password encryption like the Unix password
> > > security. I need a one-way encryption.
> > 
> > Class Authorizer does RFC1421 encryption, which is what HTTP uses:
> > 
> > Authorizer new encode: 'name' password: 'pass'
> > 
> > --> 'bmFtZTpwYXNz'
> 
> It's not one-way, though.
> Looks like the "Basic" authenticatiion scheme, which is bas64-encoding
> for "name:pass"

Uh. You're right. Would have been obvious if the code stated that ... I 
wonder why RFC1421 does not mention BASE64. Is it any different? If not, 
the whole method could be replaced by

encode: nameString password: pwdString
	"Encode per RFC1421 of the username:password combination."

	^ (Base64MimeConverter mimeEncode: 
		(ReadStream on: nameString, ':', pwdString)) contents



-- Bert




More information about the Squeak-dev mailing list