how to encrypt the text

Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
Hi all,
I have a database which has got the information regarding the user (i.e. it contains the user name and password associated with it). I have a requirement to be met: the client is asking for the password to be saved in an encrypted format. The same table is used by the user when he tries to log into the system.
My requirement in a nutshell is something like this:
Suppose there is a user with details of
user name : srinath
password : srinath
The above information should be stored in the database as
user name : srinath
password : 2d3w1df (some encrypted format)
But when he logs in he will be typing srinath in the user text box and srinath in the password text box, and should be allowed to log in.
Now my requirement is that I need to encrypt and decrypt this password. How do I do this?
Kindly respond as early as possible.
Expecting a response,
srinath
Dorj Galaa
Ranch Hand

Joined: May 29, 2001
Posts: 113
What kind of SQL?


Senior software engineer
Dorj Galaa
Ranch Hand

Joined: May 29, 2001
Posts: 113
Try using Java Cryptography
Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
Hi,
It's SQL Server that I am using; it could even be Access, depending upon the client.
If somebody could give the pseudo code for how to go about the complete procedure, it would be very helpful.
srinath
Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
Srinath,
Your problem can be easily resolved in one of two ways.
You either perform a hash function on the passwords, so that gives u a unique coding of the password, provided this hash function is reversible.
The other way, you can have one-way encryption .. so u can save yourself the trouble of decrypting.
When the user logs on with a password, it gets encrypted with the same function and then compared to the encrypted password that's saved.
You can try to find functions that perform md5 encryption or even DES or 3DES.
I believe they're somewhere on the net.

------------------
KaReEm
SCJP-Free Range Web Developer
James Hobson
Ranch Hand

Joined: Aug 28, 2001
Posts: 140
The easiest way I know of is to use:
java.security.MessageDigest
to MD5 encipher the password.
This is absolutely standard (see a UNIX passwd or shadow file -- the passwords there are digested, not encrypted).
The difference, for those who don't know, is that encryption is reversible, MD5 digesting is one-way.
If you are encrypting and decrypting in your server, then there is a hole for a "hacker" to use your logic to steal passwords -- hashes must, by their nature, be brute forced.
James
Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
Hi all,
I am very new to this world of encryption and decryption. If somebody could plz give some sample code or a sample flow it would be really great.
All these words (like MessageDigest, DES, 3DES) seem to be aliens to me. I have heard about them but do not really know how they work. If u could give me a sample gist of what to do it would be great.
srinath
SRINI VASAN
Ranch Hand

Joined: Aug 29, 2000
Posts: 48
Hi,
For network security in Java there is a wonderful book called JAVA NETWORK SECURITY which teaches u about security in Java. In case u don't want to read too much, see the code which I saw on a website for MD5 .. I don't know how tough the algorithm is..
Give it a try ..

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0055)http://www.geocities.com/SiliconValley/7116/jv_md5.html -->
<HTML><HEAD><TITLE>MD5 Message Digest algorithm in Javascript</TITLE>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<SCRIPT>
<!--//--><H4>You don't have a Javascript capable browser. </H4>
<!--//-->Then you won't be able to test this code. However, you
<!--//-->can still download it.<BR><BR><HR>
<!--
/*
* md5.jvs 1.0b 27/06/96
*
* Javascript implementation of the RSA Data Security, Inc. MD5
* Message-Digest Algorithm.
*
* Copyright (c) 1996 Henri Torgemane. All Rights Reserved.
*
* Permission to use, copy, modify, and distribute this software
* and its documentation for any purposes and without
* fee is hereby granted provided that this copyright notice
* appears in all copies.
*
* Of course, this soft is provided "as is" without express or implied
* warranty of any kind.
*/
function array(n) {
for(i=0;i<n;i++) this[i]=0;
this.length=n;
}
/* Some basic logical functions had to be rewritten because of a bug in
* Javascript.. Just try to compute 0xffffffff >> 4 with it..
* Of course, these functions are slower than the original would be, but
* at least, they work!
*/
function integer(n) { return n%(0xffffffff+1); }
function shr(a,b) {
a=integer(a);
b=integer(b);
if (a-0x80000000>=0) {
a=a%0x80000000;
a>>=b;
a+=0x40000000>>(b-1);
} else
a>>=b;
return a;
}
function shl1(a) {
a=a%0x80000000;
if (a&0x40000000==0x40000000)
{
a-=0x40000000;
a*=2;
a+=0x80000000;
} else
a*=2;
return a;
}
function shl(a,b) {
a=integer(a);
b=integer(b);
for (var i=0;i<b;i++) a=shl1(a);
return a;
}
function and(a,b) {
a=integer(a);
b=integer(b);
var t1=(a-0x80000000);
var t2=(b-0x80000000);
if (t1>=0)
if (t2>=0)
return ((t1&t2)+0x80000000);
else
return (t1&b);
else
if (t2>=0)
return (a&t2);
else
return (a&b);
}
function or(a,b) {
a=integer(a);
b=integer(b);
var t1=(a-0x80000000);
var t2=(b-0x80000000);
if (t1>=0)
if (t2>=0)
return ((t1|t2)+0x80000000);
else
return ((t1|b)+0x80000000);
else
if (t2>=0)
return ((a|t2)+0x80000000);
else
return (a|b);
}
function xor(a,b) {
a=integer(a);
b=integer(b);
var t1=(a-0x80000000);
var t2=(b-0x80000000);
if (t1>=0)
if (t2>=0)
return (t1^t2);
else
return ((t1^b)+0x80000000);
else
if (t2>=0)
return ((a^t2)+0x80000000);
else
return (a^b);
}
function not(a) {
a=integer(a);
return (0xffffffff-a);
}
/* Here begin the real algorithm */
var state = new array(4);
var count = new array(2);
count[0] = 0;
count[1] = 0;
var buffer = new array(64);
var transformBuffer = new array(16);
var digestBits = new array(16);
var S11 = 7;
var S12 = 12;
var S13 = 17;
var S14 = 22;
var S21 = 5;
var S22 = 9;
var S23 = 14;
var S24 = 20;
var S31 = 4;
var S32 = 11;
var S33 = 16;
var S34 = 23;
var S41 = 6;
var S42 = 10;
var S43 = 15;
var S44 = 21;
function F(x,y,z) {
return or(and(x,y),and(not(x),z));
}
function G(x,y,z) {
return or(and(x,z),and(y,not(z)));
}
function H(x,y,z) {
return xor(xor(x,y),z);
}
function I(x,y,z) {
return xor(y ,or(x , not(z)));
}
function rotateLeft(a,n) {
return or(shl(a, n),(shr(a,(32 - n))));
}
function FF(a,b,c,d,x,s,ac) {
a = a+F(b, c, d) + x + ac;
a = rotateLeft(a, s);
a = a+b;
return a;
}
function GG(a,b,c,d,x,s,ac) {
a = a+G(b, c, d) +x + ac;
a = rotateLeft(a, s);
a = a+b;
return a;
}
function HH(a,b,c,d,x,s,ac) {
a = a+H(b, c, d) + x + ac;
a = rotateLeft(a, s);
a = a+b;
return a;
}
function II(a,b,c,d,x,s,ac) {
a = a+I(b, c, d) + x + ac;
a = rotateLeft(a, s);
a = a+b;
return a;
}
function transform(buf,offset) {
var a=0, b=0, c=0, d=0;
var x = transformBuffer;

a = state[0];
b = state[1];
c = state[2];
d = state[3];

for (i = 0; i < 16; i++) {
x[i] = and(buf[i*4+offset],0xff);
for (j = 1; j < 4; j++) {
x[i]+=shl(and(buf[i*4+j+offset] ,0xff), j * 8);
}
}
/* Round 1 */
a = FF ( a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
d = FF ( d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
c = FF ( c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
b = FF ( b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
a = FF ( a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
d = FF ( d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
c = FF ( c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
b = FF ( b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
a = FF ( a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
d = FF ( d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
c = FF ( c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
b = FF ( b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
a = FF ( a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
d = FF ( d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
c = FF ( c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
b = FF ( b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
a = GG ( a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
d = GG ( d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
c = GG ( c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
b = GG ( b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
a = GG ( a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
d = GG ( d, a, b, c, x[10], S22, 0x2441453); /* 22 */
c = GG ( c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
b = GG ( b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
a = GG ( a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
d = GG ( d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
c = GG ( c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
b = GG ( b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
a = GG ( a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
d = GG ( d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
c = GG ( c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
b = GG ( b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
a = HH ( a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
d = HH ( d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
c = HH ( c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
b = HH ( b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
a = HH ( a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
d = HH ( d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
c = HH ( c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
b = HH ( b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
a = HH ( a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
d = HH ( d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
c = HH ( c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
b = HH ( b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
a = HH ( a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
d = HH ( d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
c = HH ( c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
b = HH ( b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
a = II ( a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
d = II ( d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
c = II ( c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
b = II ( b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
a = II ( a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
d = II ( d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
c = II ( c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
b = II ( b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
a = II ( a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
d = II ( d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
c = II ( c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
b = II ( b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
a = II ( a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
d = II ( d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
c = II ( c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
b = II ( b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
state[0] +=a;
state[1] +=b;
state[2] +=c;
state[3] +=d;
}
function init() {
count[0]=count[1] = 0;
state[0] = 0x67452301;
state[1] = 0xefcdab89;
state[2] = 0x98badcfe;
state[3] = 0x10325476;
for (i = 0; i < digestBits.length; i++)
digestBits[i] = 0;
}
function update(b) {
var index,i;

index = and(shr(count[0],3) , 0x3f);
if (count[0]<0xffffffff-7)
count[0] += 8;
else {
count[1]++;
count[0]-=0xffffffff+1;
count[0]+=8;
}
buffer[index] = and(b,0xff);
if (index >= 63) {
transform(buffer, 0);
}
}
function finish() {
var bits = new array(8);
var padding;
var i=0, index=0, padLen=0;
for (i = 0; i < 4; i++) {
bits[i] = and(shr(count[0],(i * 8)), 0xff);
}
for (i = 0; i < 4; i++) {
bits[i+4]=and(shr(count[1],(i * 8)), 0xff);
}
index = and(shr(count[0], 3) ,0x3f);
padLen = (index < 56) ? (56 - index) : (120 - index);
padding = new array(64);
padding[0] = 0x80;
for (i=0;i<padLen;i++)
update(padding[i]);
for (i=0;i<8;i++)
update(bits[i]);
for (i = 0; i < 4; i++) {
for (j = 0; j < 4; j++) {
digestBits[i*4+j] = and(shr(state[i], (j * 8)) , 0xff);
}
}
}
/* End of the MD5 algorithm */
function hexa(n) {
var hexa_h = "0123456789abcdef";
var hexa_c="";
var hexa_m=n;
for (hexa_i=0;hexa_i<8;hexa_i++) {
hexa_c=hexa_h.charAt(Math.abs(hexa_m)%16)+hexa_c;
hexa_m=Math.floor(hexa_m/16);
}
return hexa_c;
}

var ascii="01234567890123456789012345678901" +
" !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"+
"[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
function MD5(entree)
{
var l,s,k,ka,kb,kc,kd;
init();
for (k=0;k<entree.length;k++) {
l=entree.charAt(k);
update(ascii.lastIndexOf(l));
}
finish();
ka=kb=kc=kd=0;
for (i=0;i<4;i++) ka+=shl(digestBits[15-i], (i*8));
for (i=4;i<8;i++) kb+=shl(digestBits[15-i], ((i-4)*8));
for (i=8;i<12;i++) kc+=shl(digestBits[15-i], ((i-8)*8));
for (i=12;i<16;i++) kd+=shl(digestBits[15-i], ((i-12)*8));
s=hexa(kd)+hexa(kc)+hexa(kb)+hexa(ka);
return s;
}
/* This implement the MD5 test suite */
var testOk=false;
function teste() {
if (testOk) return;
document.test.o1.value=MD5(document.test.i1.value);
document.test.o2.value=MD5(document.test.i2.value);
document.test.o3.value=MD5(document.test.i3.value);
document.test.o4.value=MD5(document.test.i4.value);
document.test.o5.value=MD5(document.test.i5.value);
document.test.o6.value=MD5(document.test.i6.value);
document.test.o7.value=MD5(document.test.i7.value);
testOk=true;
}
// -->
</SCRIPT>
<META content="MSHTML 5.00.2314.1000" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff>
<A
href="http://www.geocities.com/SiliconValley/7116/jv_main.html"><IMG
alt="Back to JS main page" height=33
src="MD5 Message Digest algorithm in Javascript_files/java.gif" width=33></A>
<P>BY:<A href="mailto:Henri.Torgemane@etu.utc.fr">Henri Torgemane</A>...<A
href="http://www.undergrad.math.uwaterloo.ca/~htorgema/">Homepage</A><BR>DATE:1996-10-07<BR>
<HR>
<H1>MD5 Message Digest algorithm in Javascript </H1>
<UL>
<LI><A href="http://www.geocities.com/SiliconValley/7116/jv_md5.html#test"
onclick=teste()>MD5 test suite </A>(You must click here to launch the test)
<BR><BR>
<LI><A href="http://www.geocities.com/SiliconValley/7116/jv_md5.html#try">Try
it!</A> <BR><BR></LI></UL>This code was succesfully tested with Netscape 2.0 and
Netscape 3.0b4. <BR>
<HR>
<A name=test>
<H2>MD5 test suite </H2>
<FORM name=test>In:<INPUT name=i1 size=50><BR>Out:<INPUT name=o1
size=35><BR>In:<INPUT name=i2 size=50 value=a><BR>Out:<INPUT name=o2
size=35><BR>In:<INPUT name=i3 size=50 value=abc><BR>Out:<INPUT name=o3
size=35><BR>In:<INPUT name=i4 size=50 value="message digest"><BR>Out:<INPUT
name=o4 size=35><BR>In:<INPUT name=i5 size=50
value=abcdefghijklmnopqrstuvwxyz><BR>Out:<INPUT name=o5 size=35><BR>In:<INPUT
name=i6 size=50
value=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789><BR>Out:<INPUT
name=o6 size=35><BR>In:<INPUT name=i7 size=50
value=12345678901234567890123456789012345678901234567890123456789012345678901234567890><BR>Out:<INPUT
name=o7 size=35><BR><!--
<INPUT type="button" value="Start the Test" OnClick="test()">
--></FORM>
<HR>
</A><A name=try>
<H2>Try it!</H2>
<FORM>Enter your message: <INPUT name=entree size=50> <INPUT onclick=this.form.sortie.value=MD5(this.form.entree.value) type=button value="Click here to run MD5">
<BR><BR>fingerprint: <INPUT name=sortie size=35> </FORM>
<SCRIPT>
<!--
if (location.hash=="#test") teste();
// -->
</SCRIPT>
<HR>
If you want this script just choose "Save Frame As..." (in Netscape) when you
have the focus on the frame.
<P><I>URL: http://www.geocities.com/SiliconValley/7116/jv_md5.html</I> <!-- text below generated by server. PLEASE REMOVE --></APPLET></OBJECT></LAYER>
</A></BODY></HTML>

You can contact me at srinivas_an@yahoo.com
Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
Hi,
SRINI VASAN, the code that u gave does a great job of encryption, but my problem is not yet solved. Although it does the encryption very well, it would be difficult for me to decrypt the same (I mean the encrypted text, in my case the password).
The code is really very, very complex. I think it would take at least a couple of days to completely understand the code, but I wonder, even if I understand the code, if I would be able to decode the encoded text.
If u can tell me a way to decrypt the encoded text it would be great..
I don't have JAVA NETWORK SECURITY but would surely try to lay my hands on one..
srinath
Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
Srinath,
The point with message digestion is that you will not be performing decryption or message decoding after you encode it. The idea is that you will always encode. So when someone now tries to log in, he enters his password in plain text and submits. Your processing module, be it a servlet, a bean or whatever, will encode this password and compare it to the already saved encoded password.
Clear now?

------------------
KaReEm
Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
Hi,
There is one more problem if this encryption is to be done through the script. This file, even if saved as .js, will be readable by the user. How do I solve this now?
And if anybody could tell me where to find the
javax.crypto package it would be great. I read somewhere that this package can be used to do the encryption but I am not able to find it on the net..
srinath
Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
Check this out for the crypto package:
http://google.yahoo.com/bin/query?p=javax.crypto&hc=0&hs=0
If you don't want this encryption algorithm code to be seen by the user then u have to have it in a servlet or something that is resolved on the server side rather than on the client side.
------------------
KaReEm
Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
Hi Kareem,
Many tnx for the link,
but the search results only have documentation of the package, which I already have.
I needed the link from where I could download the javax.crypto package..
If anybody could give the link to the page where I could get the download of the package it would be great..
And Kareem,
your reply made me even more curious about the complete process of encryption.
According to u there are 2 ways of encryption:
one using the script and the other using the servlet.
If I use the script, the client will be able to find how I am doing the encryption.
And if I follow the second option then the password has to travel through the net without being encrypted.. which is again a flaw.
Now how do I go about this? Kareem, can u suggest the exact process..
srinath
Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
If it is that critical for you to secure the password's passage on the net through the sign-on process then I'd suggest that you resort to SSL.
That is a secured connection, but that would require a whole lot of setup on its own, i.e. you'll need to get a certificate from something like Verisign or Comtrust or whatever and install it on your webserver and so on; then there's the issue of checking if your webserver does actually support SSL, or has a module plugin to support SSL.
I think if you just send the password on a POST request, not a GET, it will not be seen by the normal user, therefore more secure, and then the processing servlet will do the encryption.

------------------
KaReEm
Ashutosh Uprety
Ranch Hand

Joined: Nov 30, 2000
Posts: 39
Surprising ... no one wrote anything about the hashCode() method of the java.lang.Object class.
Use this. This is a one-way method to encrypt ur password.
Save the password in the database by doing
string newPswd = pswd.hashCode();
Then when u want to authenticate the logger, just compare this with the hash-coded value of the password he enters when he logs in. The advantages of the hashCode() method are
1) Even the database administrator will not know the exact password as he can only see the encrypted format.
2) It cannot be decrypted. Chances are one in a million ... or even more bleak .. and I am sure u r not writing software for Interpol .. hence u may rely on its security.
Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
Hi Ashutosh Uprety,
I used the statement
string newPswd = pswd.hashCode();
It says incompatible type of conversion. Then I checked the API: hashCode() returns the int value and I need an encrypted string. Now plz don't ask me to convert into an integer and then perform toString() to get the string.
Srinath
Kareem Gad
Ranch Hand

Joined: Aug 06, 2001
Posts: 89
Ashutosh,
FYI MD5 is a hashcode
but you're totally correct, hashCode() method will do just fine.
------------------
KaReEm
Pranit Saha
Ranch Hand

Joined: Sep 09, 2001
Posts: 130
Srinath,
Ashutosh's way works fine.. as I was having the same prob too.. I've done the following..
String pass = request.getParameter("Password");
int pi = pass.hashCode();
String pa = String.valueOf(pi);
I've got the same prob like u.. but I don't think there is any prob to maintain this way..
Pranit..
Originally posted by Kareem Gad:
Ashutosh,
FYI MD5 is a hashcode
but you're totally correct, hashCode() method will do just fine.

Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
If I use hashCode(), I don't think I will be able to decode the password since it acts like the message digest.
If at all I need to decode, what should I do?
Like, suppose there is a request from some user that he/she has forgotten his/her password, then what do I do? Do I create some new password of my own and send it to him?
If I had the decode available I could just send the decoded password back to him.
Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
Hi Srinath,
Is the password allowed to be transferred over the internet as plain text? I think that it would be quite a big risk.
The cryptography engines are supported in JDK 1.4 and it is required to be installed on your computer. The first thing to do is to generate the encryption/decryption key (example 128 bit DESede). Notice that the key generation takes around 5 secs.
import javax.crypto.*;
//next two lines might be needed
import java.security.*;
import javax.crypto.spec.DESedeKeySpec;
...
KeyGenerator keygen = KeyGenerator.getInstance("DESede");
SecretKey desedeKey = keygen.generateKey();
...

Also encryption/decryption is quite easy to do:
...
//Encryption
Cipher DESede = Cipher.getInstance("DESede");
DESede.init(Cipher.ENCRYPT_MODE, desedeKey);
byte[] cipherBytes = DESede.doFinal("cleartext".getBytes());
...
//Decryption
DESede.init(Cipher.DECRYPT_MODE, desedeKey);
byte[] clearBytes = DESede.doFinal(cipherBytes);
String clearText = new String(clearBytes);
...
Anyway, I think that this is not your answer, because DESede (TripleDES, 3DES) is symmetric cryptography. I think you need to use a combination of asymmetric and symmetric cryptography like PGP (public and secret key pairs). The following principle could work:
1. The servlet sends the servlet's public key with the applet.
2. The applet encrypts the password by using the servlet's public key (asymmetric encryption).
3. The applet sends the encrypted password to the servlet.
4. The servlet decrypts the password by using the servlet's secret key (symmetric encryption).
5. The servlet also decrypts the stored password and compares it to the sent one.
I haven't done an implementation with asymmetric/symmetric cryptography and I can't help there. Actually, I've been working with Java for only a couple of months and my knowledge of Java is generally very limited (hardly can survive by myself).
Be patient and reserve some cups of coffee...
By the way, is it allowed that anybody can register in the system as a new user? If your answer is NO then you could still use symmetric cryptography like DESede - the given secret key is used on the applet side (instead of the password) to decrypt and read the data.
I use this kind of system in my project and it's very reliable. Further, if your client is e.g. some company and they have their own intranet, you could use a two-key system (author and current keys). The author key is given to the IM-admin of the company and the current key will be changed automatically, e.g. daily. The author key is used on the servlet side to encrypt the system's current key before it's sent with the applet. The client has to have a place (a small servlet in their own intranet) where he/she can decrypt the current key before using the system.
regards,
Jorma
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
The "standard" way of doing this is to have the server receive the plain-text password, encrypt it using whatever algorithm you use (preferably a one-way hash) and compare the encrypted version to the value stored in the DB.
Pseudo-code:
String plainTextPassword = {the password the user submitted};
String encryptedPassword = encrypt(plainTextPassword);
String dbPassword = {get the value from the db};
if( encryptedPassword.equals(dbPassword) ) {
// password matches
}
else {
// wrong password
}
When the user registers or changes his/her password, you take the plain-text password, encrypt it, and store the encrypted password in the db. If you use a one-way hash, then even if someone gains access to the db (and therefore knows the encrypted password) and knows which algorithm you used, it will still be extremely hard to derive the plain-text password.
Pseudo-code:
String plainTextPassword = {the password the user submitted};
String encryptedPassword = encrypt(plainTextPassword);
At this point, you would save the value of encryptedPassword to the DB.
You should also use SSL to encrypt the password as it passes from the browser to the web server.
Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
Hi,
I agree with Avery. The main benefit of his way is that only the owner of the password knows it. The problem with my solution is that if e.g. a hacker has access to the DB, he probably also has access to the system's encryption secret key and can read all passwords and the data behind them. So, in "my" solution it's important to store the secret key very carefully and keep the system safe. The encryption with DESede itself is very, very reliable (128 bit key) and almost impossible to break.
On the other hand, if the hacker already has access to the system (unsafe system) he probably does not need passwords at all...
The "problem" with a one-way hash is that passwords cannot be recovered, even on behalf of the system administrator.
The way you should use depends on the security requirements. Anyway, asymmetric/symmetric cryptography with a one-way hash sounds quite reliable. First encrypt the password (in the browser) by using one-way-hash encryption and then once again by using your system's public key. Decrypt it on the server by using the secret key and store it in the DB.

Of course this is also possible to break, e.g. by using the "man in the middle" method, but it's not so easy, especially if the public key is sent by a different route (or integrated and mixed into the applet). Once again, the needed security level is important to clarify.
-Jorma-
Jayanthimeena
Greenhorn

Joined: Jul 24, 2001
Posts: 17
Hi all,
I used functions which will encrypt and decrypt the password. If u really need it I will pass it to u.
Bye
Jayanthi.
Srinath R
Ranch Hand

Joined: Jun 28, 2000
Posts: 71
Hi Jayanthimeena,
It would be of very much use to me if u pass it on. Kindly do so.
srinath
shilpa kulkarni
Ranch Hand

Joined: Jun 07, 2000
Posts: 87
The simplest way would be to use functions already provided by MySQL, unless you need very high security; then you may want to go in for all the things mentioned in the above posts.
MySQL has the following functions:
ENCODE(str,pass_str)
Encrypts str using pass_str as the password. To decrypt the result, use DECODE(). The result is a binary string of the same length as string. If you want to save it in a column, use a BLOB column type.
DECODE(crypt_str,pass_str)
Decrypts the encrypted string crypt_str using pass_str as the password. crypt_str should be a string returned from ENCODE().
 