This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Java in General and the fly likes howto encrypt and decrypt password ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "howto encrypt and decrypt password ?" Watch "howto encrypt and decrypt password ?" New topic
Author

howto encrypt and decrypt password ?

Nakata kokuyo
Ranch Hand

Joined: Apr 13, 2005
Posts: 438
hi good day, if i'm using following to encrypt password, how to i compare with encrypted password

say i'm using following method to encrypt


and insert into database table



but howto i descrypt back the encrypted password ?

thank you
Tim LeMaster
Ranch Hand

Joined: Aug 31, 2006
Posts: 226
You don't - SHA-1 and things like it are one-way hashes. The way you test if an incoming password matches is to do SHA-1 against the incoming password and see if the hashes match.

That way your passwords aren't recoverable if someone compromises your password file/database.

You should also read up on SHA-1 attack methods, there exists a method for producing SHA-1 collisions fairly quickly.
[ October 03, 2006: Message edited by: Tim LeMaster ]
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper

Joined: Aug 26, 2006
Posts: 4968
    
    1

hash them both, and compare.

-Cameron McKenzie
Nakata kokuyo
Ranch Hand

Joined: Apr 13, 2005
Posts: 438
thanks for reply, is there an algorithm can use for encrypt and decrypt(2 ways) password? i actually just need to avoid user read the password directly, any sample will highly appreciated , thank you
Tim LeMaster
Ranch Hand

Joined: Aug 31, 2006
Posts: 226
Sure there is you need to look at Crypto not MessageDigest.

However do you need to be able to recover the password? This generally is a bad idea, you can provide a way to reset it, not get the existing one.
[ October 03, 2006: Message edited by: Tim LeMaster ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: howto encrypt and decrypt password ?
 
Similar Threads
howto: Date arithmatic ?
howto read a parameter from the URL (AS IS)
struts2: howto ajax-validate with annotation?
howto config two security-constraints?
HowTo: Advice Bean deployed on JBoss