I am working on an application using JSP, Oracle. I am accepting username and password from the users and storing in the database. But, my requirement is that I want to encrypt / Decrypt the password so that it will be more secure. Can anyone guide me in this regard ?? thanx in advance
Just think of some simple math function to put to the characters in the password is my best suggestion. In the past I had been known to take the ASCII value of each letter and add multiply them by a the first number of that ASCII value. Then I added a random number which I stored at the end of the number for later retrieval. Really, once you have your idea of how you'd like to encrypt a password, it's pretty simple. Coming up with an idea on the encryption which is sufficient for you might be a little bit harder if you require high security. If you are talking for database storage, then this is a good way to go. If you are talking for passing the values for use as a session variable, there are session utilities out there. I have never worked with any and just pass a session variable in the query string which is my own encrypted mess.
With all due respect to Jeff, that's not a very secure algorithm. What's more common is to hash the password using a digest encoding (MD5 or other algorithm), and store the hashed value. When a password is to be authenticated, it is also hashed and compared against the stored value. The same starting string will result in the same hash. Note that the hashed password is never decoded... that is in fact not possible; digest encoding is one-way only. But that's no problem since you don't ever need to decode the password back to its original form in order to perform authentication. hth, bear
I needed to be able to decrypt my passwords as I used the same method for other values I was passing in the query string which I did not want easily editable. I know it's not super secure... but for what I was working on at the time, it was more than sufficient.
Joined: Feb 22, 2003
Thanx Bear Bibeault , Jeff Grant I'll be glad if you help me with a sample code. thanx again