• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

howto encrypt and decrypt password ?

 
Nakata kokuyo
Ranch Hand
Posts: 467
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi good day, if i'm using following to encrypt password, how to i compare with encrypted password

say i'm using following method to encrypt


and insert into database table



but howto i descrypt back the encrypted password ?

thank you
 
Tim LeMaster
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You don't - SHA-1 and things like it are one-way hashes. The way you test if an incoming password matches is to do SHA-1 against the incoming password and see if the hashes match.

That way your passwords aren't recoverable if someone compromises your password file/database.

You should also read up on SHA-1 attack methods, there exists a method for producing SHA-1 collisions fairly quickly.
[ October 03, 2006: Message edited by: Tim LeMaster ]
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hash them both, and compare.

-Cameron McKenzie
 
Nakata kokuyo
Ranch Hand
Posts: 467
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for reply, is there an algorithm can use for encrypt and decrypt(2 ways) password? i actually just need to avoid user read the password directly, any sample will highly appreciated , thank you
 
Tim LeMaster
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sure there is you need to look at Crypto not MessageDigest.

However do you need to be able to recover the password? This generally is a bad idea, you can provide a way to reset it, not get the existing one.
[ October 03, 2006: Message edited by: Tim LeMaster ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic