File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Java in General and the fly likes Java Cryptography Extension giving me different result every time Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "Java Cryptography Extension giving me different result every time" Watch "Java Cryptography Extension giving me different result every time" New topic
Author

Java Cryptography Extension giving me different result every time

sa sam
Ranch Hand

Joined: Mar 01, 2009
Posts: 46
i am using Java Cryptography Extension to encrypt/decrypt the password but it is giving me different encrypted string every time even though i am passing same string my sample code is as follows -

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;


public class Main {

public static void main(String arg[]) throws Exception {
for ( int i= 0 ; i < 1; i ++)
{
System.out.println(encrypt("admin"));
}
}

public static String encrypt(String x) throws Exception {
String pass = null ;
try{
KeyGenerator keygenerator = KeyGenerator.getInstance("AES");
keygenerator.init(128);
SecretKey myDesKey = keygenerator.generateKey();
Cipher desCipher;
desCipher = Cipher.getInstance("AES");
desCipher.init(Cipher.ENCRYPT_MODE, myDesKey);
byte[] text = x.getBytes();
byte[] textEncrypted = desCipher.doFinal(text);
pass = textEncrypted.toString();
}catch(Exception e){
e.printStackTrace();
}
return pass;
}
}


Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14074
    
  16

Please UseCodeTags when you post source code.


Java Beginners FAQ - JavaRanch SCJP FAQ - The Java Tutorial - Java SE 7 API documentation
Scala Notes - My blog about Scala
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14074
    
  16

You get a different result each time because you are generating a new, random encryption key every time.

You should generate the key only once, and then store it and re-use it for encrypting and decrypting.
sa sam
Ranch Hand

Joined: Mar 01, 2009
Posts: 46
Actually, i want to store that value into the database,
i will be very thankful if you gave me the example.
(just want to develop login page)
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

You're asking how to store a value into a database?
sa sam
Ranch Hand

Joined: Mar 01, 2009
Posts: 46
i am not asking how to store value. i am asking about, how to get constant encryption value.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Jesper Young wrote:You should generate the key only once, and then store it and re-use it for encrypting and decrypting.
Garrett Rowe
Ranch Hand

Joined: Jan 17, 2006
Posts: 1296
Actually you should never need to decrypt the password. All you need is a one way hash, you can then store the hashed password in the database. When the user goes to login, you just hash the password that the user enters by the same method and check whether the two hashes are the same. You should also salt the password with a random salt to help prevent multiple accounts from being compromised using a rainbow table should your database become compromised. The salt can be stored in the database along with the hashed password. All this can easily be done using java.security.MessageDigest, and java.security.SecureRandom.



Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them. - Laurence J. Peter
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14074
    
  16

ajay chavan wrote:i am not asking how to store value. i am asking about, how to get constant encryption value.

What your code above does, is like this: Every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And your questions is like: "Why does the key look different every time after I locked my door?". Answer: Because you're putting a new lock on the door every time...
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18546
    
  40

Jesper Young wrote:
ajay chavan wrote:i am not asking how to store value. i am asking about, how to get constant encryption value.

What your code above does, is like this: Every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And your questions is like: "Why does the key look different every time after I locked my door?". Answer: Because you're putting a new lock on the door every time...



Also, the key is not saved by the encrypt() method... so it more like "every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And throw away the key once you drive off".

Henry


Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

That's even *more* secure than a one-time pad, it's like a *no*-time pad!

Finally, I can make my mark on sci.crypt!!
 
jQuery in Action, 2nd edition
 
subject: Java Cryptography Extension giving me different result every time
 
Similar Threads
Help please: Encrypt, save to file, then decrypt later to read
AES Encryption/Decrypton
AES decryption - InvalidKeyException: Parameters missing
Help please: Encrypt, save to file, then decrypt later to read
padding problem with AES(help)