This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes authentication types Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "authentication types" Watch "authentication types" New topic
Author

authentication types

Steven Colley
Ranch Hand

Joined: Feb 18, 2005
Posts: 290
Hi folks, again

I got the following sentences in HFSJ (page 648).

- DIGEST - "stronger"
- Client Cert - "Strong"


But some mocks i got that "CC" would be stronger than "DIGEST", because it�s encrypted and DIGEST only uses MD5 encode...

What is teh correct answer?

Tks.


SCJP | SCWCD | SCBCD | SCWSD 5 | SCEA (I) 1.4 | SCEA 5 | IBM SOA 669
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41042
    
  43
It wouldn't have occurred to me to compare the two in terms of strength, as they do different things. I wouldn't say "something is only MD5 encoded". MD5 is not an encoding, not even a cipher, but a hash. Once something has been run through MD5, the contents can not be recovered.

Maybe what's meant here is that the crypto method of digests (one-way) is stronger than the one used with CCs (which I think is based on encryption, and thus two-way). But I'd consider the authentication provided by CCs to be stronger than the one provided by a digested password.


Ping & DNS - my free Android networking tools app
Gab Buda
Greenhorn

Joined: Mar 25, 2006
Posts: 24
If we put the things in their context, they say that "BASIC" is weak and "DIGEST" is stronger (compared to BASIC); they don't say "DIGEST" is the strongest of all. That's what I understood.

hope this helps
Gabb


SCJP 1.4 (85%)<br />SCWCD 1.4 (94%)
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: authentication types
 
Similar Threads
What is called optional authentication type?
APOP .. ?
manning's question about AUTHENTICATION mechanisms
object ref types trip me up all the time
Synchronized method to get md5 digest