What are you trying to guard against - rogue system administrators or intruders? Encrypting data means that you need to keep an encryption key somewhere - which is just as valuable as the actual data, because it can be used to get at it.
Apart from that, the usual approach for passwords is not to encrypt them, but to hash them (or digest them); that way, nobody can ever get at them.
Lester Burnham wrote:Apart from that, the usual approach for passwords is not to encrypt them, but to hash them (or digest them); that way, nobody can ever get at them.
Or use an asymmetric cipher.
Joined: Aug 29, 2009
I am creating separate authentication for normal users and administrators. Administrator has all the privileges, user can only read & write his own data. For outside world, they wont be able to access application without login. I don't know much about hashing. can you give me some tutorial about how to use hashing for authentication purpose??
Joined: Oct 14, 2008
Does that mean your main reason for wanting to use encryption is not sys admins and intruders? If so, then encryption probably doesn't provide anything useful.
Hi, i want to implement the authentication using jasypt-1.6
I downloaded it but dont know how to install it.
Please give me some tutorial on how to install this package and use it. jasypt-1.6 satisfies all my requirements.
i want to implement SHA-1 algorithm using it.
I found an extremely nice tutorial for authentication.
The jasypt library is about encryption, not authentication. What are you actually trying to accomplish?
As an aside, you don't need any library to use SHA-1 (which you shouldn't be using to begin with due to its vulnerabilities - use SHA-2 instead).
Ping & DNS - updated with new look and Ping home screen widget
Joined: Aug 29, 2009
I am making my final year project on office automation. I am using only core java.
For application's authentication purpose, i want to use hash algorithm and store generated hash value into database, so that if somebody get into the database, he may not get the password. whenever a user enter login details, his password is passed through hash algorithm and generated value is compared with stored value.
I hope you understood what am i trying to do.
For this purpose i want to use jaysypt.