Perl & Java -- Can they keep a secret?by Flame (Deacon)
|on Nov 17, 2003 at 03:17 UTC||Need Help??|
Flame has asked for the
wisdom of the Perl Monks concerning the following question:
As the title implies, this question spans two languages, Perl and Java. I have a Perl server with Java clients and I need to find some means of allowing the Java client to securely broadcast a login/pass. (Ref: Ecrypting passwords for the source of a few of these ideas)
I've considered having the whole connection over SSL, but concluded it required too much effort (the server is in POE which I'm still learning about... I don't wanna fiddle with the internals before I have the externals working and well understood.)
I've considered the following also:
The problem with this idea is in the fact that the JCE (Java Cryptography Extension) is highly restricted and I don't want to have to add aditional 'providers'.
The other significant problem is my unfamiliarity with digital cryptography. I have a great deal of knowledge about historical techniques, but this is a whole new ballpark. I notice that HMAC-MD5 seems to exist in both Perl and Java, but now I'm faced with the problem of not realy understanding how they work, and so being unable to understand what they really do, or what restrictions there are. For example, the docs for Digest::HMAC_MD5 state only that you pass the data and a key. The presence of the key suggests that this might be two-way encryption, something I don't think I want.
Overall, I'm open to almost any suggestion, whether it builds off of my current efforts or not.
Description of the server and goals: Persistant connection. Clients connect and log in and kinda sit around for a while. (Game server of sorts.)
My code doesn't have bugs, it just develops random features.