• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

howto encrypt and decrypt password ?

 
Ranch Hand
Posts: 472
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi good day, if i'm using following to encrypt password, how to i compare with encrypted password

say i'm using following method to encrypt


and insert into database table



but howto i descrypt back the encrypted password ?

thank you
 
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You don't - SHA-1 and things like it are one-way hashes. The way you test if an incoming password matches is to do SHA-1 against the incoming password and see if the hashes match.

That way your passwords aren't recoverable if someone compromises your password file/database.

You should also read up on SHA-1 attack methods, there exists a method for producing SHA-1 collisions fairly quickly.
[ October 03, 2006: Message edited by: Tim LeMaster ]
 
author and cow tipper
Posts: 5009
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hash them both, and compare.

-Cameron McKenzie
 
Nakata kokuyo
Ranch Hand
Posts: 472
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks for reply, is there an algorithm can use for encrypt and decrypt(2 ways) password? i actually just need to avoid user read the password directly, any sample will highly appreciated , thank you
 
Tim LeMaster
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sure there is you need to look at Crypto not MessageDigest.

However do you need to be able to recover the password? This generally is a bad idea, you can provide a way to reset it, not get the existing one.
[ October 03, 2006: Message edited by: Tim LeMaster ]
reply
    Bookmark Topic Watch Topic
  • New Topic