Password shuffling

Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
Hi guys,

In my application I am going to save the password in a file on the machine for easy extraction. I already encrypt the password. But as an extra protection, I would like to shuffle the password before encrypting, so that even if someone decrypts it, it will be of no use to him. But before using the password I need to reshuffle it back to the original.

I am planning for the same function which can both shuffle and un-shuffle, more like a symmetric shuffle. All codes I wrote were too simple, a shuffle. Anyone got any ideas or snippets?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60740

"Arjun", please check your private messages for an important administrative matter.
Mark Vedder
Ranch Hand

Joined: Dec 17, 2003
Posts: 624

I'm not sure that shuffling is going to provide a lot of extra security. If someone can decrypt the password, then the fact that the characters are in a random order won't put up much of a barrier. They will have all the characters within the password and would merely need to try them in all possible orders. Something a simple program could do relatively easily.

That being said, any shuffling routine you write would need to have some pattern as to how to shuffle the characters so that it could then unshuffle them. Once this pattern or algorithm is cracked, any password could then be unshuffled. To make the cracking harder, it would be better if the pattern used varied in some way. But you would need a way to track that pattern so you know person A's password was shuffled with pattern X and person B's password was shuffled with pattern Y. You could base the pattern on something like the number of characters in the password; or include some pattern indicator in with the password. But again, here it seems to me that you would simply be developing a form of very basic encryption.
Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
What if I put a few random characters into the password before scrambling? Once unscrambled, I can remove the characters from definite positions.
[ December 06, 2008: Message edited by: Arjun Suresh ]
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18497

Originally posted by Arjun Suresh:
What if I put a few random characters into the password before scrambling? Once unscrambled, I can remove the characters from definite positions.



And what's preventing someone from removing those random characters?

I agree. This doesn't provide any extra security. The encryption is way harder to break than any "munging". I would put the effort into ensuring that the encryption keys are strong, and keeping the keys safe, rather than adding a few characters and bit shifts.

Henry
Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
So what will be the best method to secure that password in a file? Believe me, that file will be open for all and I want to make sure that the password is safe and secure.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19649

Use a strong encryption algorithm with a strong key, and keep that key private.
Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
The issue is the algorithm is AES... so no worries there. I need to save the key in the file. I can't maintain one more key to secure this key. I am in a fix.
 