Well, I would like to know if anyone has tried their hand at JCE. I would like a good (one-way) password encryption algorithm. Thanks. I've tried to use the JCE and sun.misc, but I haven't hit on one-way encryption. Please help if you can. Regards, Gautham Kasinath
I assume by "one way" encryption algorithm you are looking for something to encrypt a password or other token, but don't need to decrypt it. Is this because you plan to directly compare the encrypted versions? Although I can't offer any solutions, this is an area which has interested me for a long time. Theoretically, you have three sorts of encryption available: one-to-one, where every raw item has one and only one encrypted form; reducing, where many raw items encrypt to a single encrypted form; and expanding, where a single raw item can encrypt to more than one encrypted form. Traditionally, "one way" system password encryption seems to use the second (reducing) case. I have heard many spurious arguments from people who claim that this is somehow "more secure" than a one-to-one system because you can't decrypt it back to the original item. But if you plan to directly compare the encrypted forms, then a reducing encryption is in fact less secure, as there are fewer possibilities to test against, and a greater chance of a random password encrypting to the same encrypted form as the "real" password. So my question is, what sort of encryption are you looking for, and what is its intended use?
Hi! Well, I need the encryption algorithm to encrypt passwords in a site that I am trying to launch. For security reasons I figured that one-way encryption will best suit me, as I've seen how the passwords are stored in Unix and Linux using the crypt() method. But crypt is an easy victim for hackers, so I was looking for some kind of algorithm that will help me in securing my clients' passwords. I hope you have some hint on the same. Thanks. Regards, Gautham Kasinath
Carl Trusiak
Sheriff
Joined: Jun 13, 2000
Posts: 3340
One method I've seen for this is to encrypt the password to a long value.
This will always produce the same long number for a password and has a very low occurrence of the same number for different passwords as long as the password is less than 16 characters.
Hi! Thanks a lot, I guess it will help my purpose, but can you give me an idea of how hack-proof it will be to encrypt the password this way? Regards, Gautham Kasinath
Jim Baiter
Ranch Hand
Joined: Jan 05, 2001
Posts: 532
You can use a hashing algorithm if you don't want to use JCE. The java.security package provides support for both MD5 and SHA-1.
gautham kasinath
Ranch Hand
Joined: Dec 01, 2000
Posts: 583
Hi! Well, thanks. I guess the hash code will work, but will it work on encrypting the password in a way that the same hash code is always generated for the character? That's a question I'll find an answer to. Regards, Gautham Kasinath