
Java Cryptography Extension giving me different result every time

 
sa sam
Ranch Hand
Posts: 46
I am using Java Cryptography Extension to encrypt/decrypt the password, but it is giving me a different encrypted string every time even though I am passing the same string. My sample code is as follows -

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Main {

    public static void main(String[] arg) throws Exception {
        for (int i = 0; i < 1; i++) {
            System.out.println(encrypt("admin"));
        }
    }

    public static String encrypt(String x) throws Exception {
        String pass = null;
        try {
            // A new random 128-bit AES key is generated on every call
            KeyGenerator keygenerator = KeyGenerator.getInstance("AES");
            keygenerator.init(128);
            SecretKey myDesKey = keygenerator.generateKey();
            Cipher desCipher;
            desCipher = Cipher.getInstance("AES");
            desCipher.init(Cipher.ENCRYPT_MODE, myDesKey);
            byte[] text = x.getBytes(StandardCharsets.UTF_8);
            byte[] textEncrypted = desCipher.doFinal(text);
            // Encode the ciphertext bytes; byte[].toString() only prints the array's identity
            pass = Base64.getEncoder().encodeToString(textEncrypted);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return pass;
    }
}


 
Jesper de Jong
Java Cowboy
Saloon Keeper
Posts: 15207
Please UseCodeTags when you post source code.
 
Jesper de Jong
Java Cowboy
Saloon Keeper
Posts: 15207
You get a different result each time because you are generating a new, random encryption key every time.

You should generate the key only once, and then store it and re-use it for encrypting and decrypting.
 
sa sam
Ranch Hand
Posts: 46
Actually, I want to store that value in the database.
I will be very thankful if you give me an example.
(I just want to develop a login page.)
 
David Newton
Author
Rancher
Posts: 12617
You're asking how to store a value into a database?
 
sa sam
Ranch Hand
Posts: 46
I am not asking how to store a value. I am asking how to get a constant encryption value.
 
David Newton
Author
Rancher
Posts: 12617
Jesper Young wrote: You should generate the key only once, and then store it and re-use it for encrypting and decrypting.
 
Garrett Rowe
Ranch Hand
Posts: 1296
Actually, you should never need to decrypt the password. All you need is a one-way hash; you can then store the hashed password in the database. When the user goes to log in, you just hash the password that the user enters by the same method and check whether the two hashes are the same. You should also salt the password with a random salt to help prevent multiple accounts from being compromised using a rainbow table should your database become compromised. The salt can be stored in the database along with the hashed password. All this can easily be done using java.security.MessageDigest and java.security.SecureRandom.


 
Jesper de Jong
Java Cowboy
Saloon Keeper
Posts: 15207
ajay chavan wrote: I am not asking how to store a value. I am asking how to get a constant encryption value.

What your code above does is like this: Every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And your question is like: "Why does the key look different every time after I locked my door?". Answer: Because you're putting a new lock on the door every time...
 
Henry Wong
author
Marshal
Posts: 20894
Jesper Young wrote:
ajay chavan wrote: I am not asking how to store a value. I am asking how to get a constant encryption value.

What your code above does is like this: Every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And your question is like: "Why does the key look different every time after I locked my door?". Answer: Because you're putting a new lock on the door every time...

Also, the key is not saved by the encrypt() method... so it's more like "every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And throw away the key once you drive off".

Henry
 
David Newton
Author
Rancher
Posts: 12617
That's even *more* secure than a one-time pad, it's like a *no*-time pad!

Finally, I can make my mark on sci.crypt!!
 