Password Encryption

Rakesh Gadre
Ranch Hand

Joined: Feb 22, 2003
Posts: 47
I am working on an application using JSP and Oracle. I am accepting a username and password from the users and storing them in the database. But my requirement is that I want to encrypt/decrypt the password so that it will be more secure. Can anyone guide me in this regard?
Thanks in advance.
Jeff Grant
Ranch Hand

Joined: Dec 19, 2001
Posts: 169
Just think of some simple math function to apply to the characters in the password; that is my best suggestion. In the past I had been known to take the ASCII value of each letter and multiply them by the first number of that ASCII value. Then I added a random number which I stored at the end of the number for later retrieval.
Really, once you have your idea of how you'd like to encrypt a password, it's pretty simple. Coming up with an idea on the encryption which is sufficient for you might be a little bit harder if you require high security.
If you are talking for database storage, then this is a good way to go. If you are talking for passing the values for use as a session variable, there are session utilities out there. I have never worked with any and just pass a session variable in the query string which is my own encrypted mess.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413

With all due respect to Jeff, that's not a very secure algorithm.
What's more common is to hash the password using a digest encoding (MD5 or other algorithm), and store the hashed value.
When a password is to be authenticated, it is also hashed and compared against the stored value. The same starting string will result in the same hash.
Note that the hashed password is never decoded... that is in fact not possible; digest encoding is one-way only. But that's no problem since you don't ever need to decode the password back to its original form in order to perform authentication.
hth,
bear


Jeff Grant
Ranch Hand

Joined: Dec 19, 2001
Posts: 169
I needed to be able to decrypt my passwords as I used the same method for other values I was passing in the query string which I did not want easily editable.
I know it's not super secure... but for what I was working on at the time, it was more than sufficient.
Rakesh Gadre
Ranch Hand

Joined: Feb 22, 2003
Posts: 47
Thanks, Bear Bibeault and Jeff Grant.
I'll be glad if you can help me with some sample code.
Thanks again.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413

Check out the java.security.MessageDigest class. It's pretty straightforward to use.
hth,
Bear
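
The hash-and-compare flow described in this thread, written with java.security.MessageDigest as an added example that is not code from any of the posters. The class and method names are hypothetical, and SHA-256, the per-user random salt and the "salt:hash" storage format are choices made here, not something the thread specifies.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper class for illustration; not part of any library.
public class PasswordDigestExample {
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns "salt:hash" (both Base64) suitable for a single database column. */
    static String hashForStorage(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt); // a fresh salt per user so equal passwords do not share a hash
        return encode(salt) + ":" + encode(digest(salt, password));
    }

    /** Re-hashes the candidate with the stored salt; the password is never recovered. */
    static boolean verify(String candidate, String stored) throws NoSuchAlgorithmException {
        String[] parts = stored.split(":", 2);
        if (parts.length != 2) return false;
        byte[] salt, expected;
        try {
            salt = Base64.getDecoder().decode(parts[0]);
            expected = Base64.getDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) {
            return false; // malformed record in the database
        }
        // MessageDigest.isEqual compares in constant time, unlike Arrays.equals
        return MessageDigest.isEqual(expected, digest(salt, candidate));
    }

    private static byte[] digest(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    private static String encode(byte[] b) { return Base64.getEncoder().encodeToString(b); }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String stored = hashForStorage("correct horse"); // constructed sample password
        System.out.println("stored value:   " + stored);
        System.out.println("right password: " + verify("correct horse", stored));
        System.out.println("wrong password: " + verify("Correct horse", stored));
    }
}
```

A single pass of a fast digest is cheap to brute-force if the table leaks; where the platform allows it, a deliberately slow derivation such as PBKDF2WithHmacSHA256 through javax.crypto.SecretKeyFactory is the stronger choice for the same store-and-compare design.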
 