
Password Encryption

 
Ben Fields
Greenhorn
Posts: 1
I am working on an Intranet (Financial Application) project where I need to encrypt the user password and store it in the database (in encrypted form). Please help me with how best I could achieve this requirement with Java.
Thanks in advance.
 
Thomas Paul
mister krabs
Ranch Hand
Posts: 13974
There are several ways to do this. The easiest way is to transform the password into a message digest and store the message digest in the database. The nice thing about this is that it is a one-way transition. There is no way to take a message digest and get the original password back. So whenever you want to see if the user has specified a valid password, you take the password they entered, run it through the message digest, and compare that to the password in the database. Here is a piece of the code:
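import java.security.MessageDigest;

// input is a byte[] containing the password entered by the user
// "SHA" is the JDK's algorithm name for SHA-1; getInstance throws NoSuchAlgorithmException
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(input);
byte[] digest = md.digest();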
digest now contains the message digest that you need to compare to the database.
Good luck.
 
Rob Ross
Bartender
Posts: 2205
Look at using JCE (Java Cryptography Extension); it's a standard part of JDK 1.4 (javax.crypto), but it's an optional package in previous versions of the JDK; you can d/l them from Sun.

Basically, you want to run an encryption algorithm on the password, send it to the server, and have the server compare the encrypted password to the version of the encrypted password stored in your database. If they match, the user has entered the correct password. This is the method most Unix systems use to keep the passwords secure; they're never sent in the clear.
 
Rob Ross
Bartender
Posts: 2205
Yea, Tom's example is much easier than mine, so I'd go with that.
 