
Password Encryption

 
Rakesh Gadre
Ranch Hand
Posts: 47
I am working on an application using JSP and Oracle. I am accepting a username and password from the users and storing them in the database. But my requirement is that I want to encrypt/decrypt the password so that it will be more secure. Can anyone guide me in this regard?
Thanks in advance.
 
Jeff Grant
Ranch Hand
Posts: 169
Just think of some simple math function to put to the characters in the password is my best suggestion. In the past I had been known to take the ASCII value of each letter and add multiply them by the first number of that ASCII value. Then I added a random number which I stored at the end of the number for later retrieval.
Really, once you have your idea of how you'd like to encrypt a password, it's pretty simple. Coming up with an idea on the encryption which is sufficient for you might be a little bit harder if you require high security.
If you are talking for database storage, then this is a good way to go. If you are talking for passing the values for use as a session variable, there are session utilities out there. I have never worked with any and just pass a session variable in the query string which is my own encrypted mess.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64182
With all due respect to Jeff, that's not a very secure algorithm.
What's more common is to hash the password using a digest encoding (MD5 or other algorithm), and store the hashed value.
When a password is to be authenticated, it is also hashed and compared against the stored value. The same starting string will result in the same hash.
Note that the hashed password is never decoded... that is in fact not possible; digest encoding is one-way only. But that's no problem since you don't ever need to decode the password back to its original form in order to perform authentication.
hth,
bear
 
Jeff Grant
Ranch Hand
Posts: 169
I needed to be able to decrypt my passwords as I used the same method for other values I was passing in the query string which I did not want easily editable.
I know it's not super secure... but for what I was working on at the time, it was more than sufficient.
 
Rakesh Gadre
Ranch Hand
Posts: 47
Thanks, Bear Bibeault and Jeff Grant.
I'll be glad if you can help me with some sample code.
Thanks again.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64182
Check out the java.security.MessageDigest class. It's pretty straightforward to use.
hth,
Bear
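
The hash-store-compare flow described in the replies above, as an added example that is not code from any poster in this thread. It goes beyond the posts in two ways that are assumptions of this sketch: it uses SHA-256 rather than MD5 and prepends a random per-user salt, so two users with the same password do not end up with the same stored value. The class name, the `salt:digest` record format and the sample passwords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class PasswordDigestExample {
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Digest of salt || password. The digest is one-way: it is never decoded. */
    static byte[] digest(byte[] salt, char[] password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        md.update(new String(password).getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    /** Value for the password column: base64(salt) + ":" + base64(digest). */
    static String createRecord(char[] password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt); // fresh salt for every stored password
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(digest(salt, password));
    }

    /** Re-hash the login attempt with the stored salt and compare the digests. */
    static boolean verify(String record, char[] attempt) throws NoSuchAlgorithmException {
        String[] parts = record.split(":");
        if (parts.length != 2) {
            return false; // malformed record: reject instead of throwing
        }
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(parts[0]);
        byte[] expected = dec.decode(parts[1]);
        // MessageDigest.isEqual compares in constant time, unlike Arrays.equals.
        return MessageDigest.isEqual(expected, digest(salt, attempt));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample passwords, not real credentials.
        String record = createRecord("correct horse".toCharArray());
        System.out.println("stored: " + record);
        System.out.println("good:   " + verify(record, "correct horse".toCharArray()));
        System.out.println("bad:    " + verify(record, "wrong horse".toCharArray()));
        // Same password, new salt: the stored value differs.
        System.out.println("resalt: " + !record.equals(createRecord("correct horse".toCharArray())));
    }
}
```

A single digest pass is cheap to compute, which also makes stored values cheap to guess against offline; the JDK's `javax.crypto.SecretKeyFactory` with `PBKDF2WithHmacSHA256` applies the same salt-and-compare pattern with a configurable iteration count.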
 