[jboss-jira] [JBoss JIRA] Issue Comment Edited: (JGRP-1100) ENCRYPT debug log prints "hex" output in ambiguous format
Bela Ban (JIRA)
jira-events at lists.jboss.org
Fri Dec 10 10:46:29 EST 2010
[ https://issues.jboss.org/browse/JGRP-1100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12569299#comment-12569299 ]
Bela Ban edited comment on JGRP-1100 at 12/10/10 10:45 AM:
-----------------------------------------------------------
Question is should we remove formatArray() ? because it is only used to print out a key when logging is enabled, and I think we should *not* print out that key anyway ! Not sure but this one-way hashing of the key is probably not very safe, so folks with access to the code can reverse engineer the key ?
was (Author: bela at jboss.com):
Question is should we remove formatArray() ? because it is only used to print out a key when logging is enabled, and I think we should *not* print out that key anyway ! Not sure but this one-way hashing of the key is probably not very safe, so folks with access to the key can reverse engineer the key ?
> ENCRYPT debug log prints "hex" output in ambiguous format
> ---------------------------------------------------------
>
> Key: JGRP-1100
> URL: https://issues.jboss.org/browse/JGRP-1100
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 2.4.7
> Reporter: Dennis Reed
> Assignee: Dennis Reed
> Fix For: 2.4.10, 2.12
>
>
> ENCRYPT.formatArray doesn't convert a byte array straight to hex.
> It leaves off any leading 0 in a byte and appends ffffff in front of any negative byte.
> This prevents the original data from easily being reconstructed from the log for debugging purposes.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list