Password Encryption

Rakesh Gadre
Ranch Hand
Joined: Feb 22, 2003
Posts: 47
I am working on an application using JSP and Oracle. I am accepting a username and password from the users and storing them in the database. But my requirement is that I want to encrypt/decrypt the password so that it will be more secure. Can anyone guide me in this regard? Thanks in advance.

Jeff Grant
Ranch Hand
Joined: Dec 19, 2001
Posts: 169
Just think of some simple math function to apply to the characters in the password, is my best suggestion. In the past I had been known to take the ASCII value of each letter and multiply them by the first number of that ASCII value. Then I added a random number which I stored at the end of the number for later retrieval. Really, once you have your idea of how you'd like to encrypt a password, it's pretty simple. Coming up with an idea for the encryption which is sufficient for you might be a little bit harder if you require high security. If you are talking about database storage, then this is a good way to go. If you are talking about passing the values for use as a session variable, there are session utilities out there. I have never worked with any and just pass a session variable in the query string which is my own encrypted mess.

Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56232
With all due respect to Jeff, that's not a very secure algorithm. What's more common is to hash the password using a digest encoding (MD5 or other algorithm), and store the hashed value. When a password is to be authenticated, it is also hashed and compared against the stored value. The same starting string will result in the same hash. Note that the hashed password is never decoded... that is in fact not possible; digest encoding is one-way only. But that's no problem since you don't ever need to decode the password back to its original form in order to perform authentication. hth, bear

Jeff Grant
Ranch Hand
Joined: Dec 19, 2001
Posts: 169
I needed to be able to decrypt my passwords as I used the same method for other values I was passing in the query string which I did not want easily editable. I know it's not super secure... but for what I was working on at the time, it was more than sufficient.

Rakesh Gadre
Ranch Hand
Joined: Feb 22, 2003
Posts: 47
Thanks, Bear Bibeault and Jeff Grant. I'll be glad if you can help me with some sample code. Thanks again.

Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56232
Check out the java.security.MessageDigest class. It's pretty straight-forward to use. hth, Bear