Authentication

Gaurav Aggarwall
Greenhorn

Joined: Aug 29, 2009
Posts: 22
I am making my major project using core Java.
Can anybody please tell me how to encrypt the authentication data?
I want to store the user information in encrypted form in the database.


SCJP 1.5
Lester Burnham
Rancher

Joined: Oct 14, 2008
Posts: 1337
What are you trying to guard against - rogue system administrators or intruders? Encrypting data means that you need to keep an encryption key somewhere - which is just as valuable as the actual data, because it can be used to get at it.

Apart from that, the usual approach for passwords is not to encrypt them, but to hash them (or digest them); that way, nobody can ever get at them.
Mike Peters
Ranch Hand

Joined: Oct 10, 2009
Posts: 67

Lester Burnham wrote: Apart from that, the usual approach for passwords is not to encrypt them, but to hash them (or digest them); that way, nobody can ever get at them.


Or use an asymmetric cipher.


Gaurav Aggarwall
Greenhorn

Joined: Aug 29, 2009
Posts: 22
I am creating separate authentication for normal users and administrators. An administrator has all the privileges; a user can only read & write his own data. For the outside world, they won't be able to access the application without login. I don't know much about hashing. Can you give me some tutorial about how to use hashing for authentication purposes?
Lester Burnham
Rancher

Joined: Oct 14, 2008
Posts: 1337
Does that mean your main reason for wanting to use encryption is not sys admins and intruders? If so, then encryption probably doesn't provide anything useful.

http://www.aspheute.com/english/20040105.asp explains why and how to use digests for passwords.
Gaurav Aggarwall
Greenhorn

Joined: Aug 29, 2009
Posts: 22
Hi, I want to implement the authentication using jasypt-1.6.
I downloaded it but don't know how to install it.

Please give me some tutorial on how to install this package and use it. jasypt-1.6 satisfies all my requirements.
I want to implement the SHA-1 algorithm using it.
I found an extremely nice tutorial for authentication.

jasypt 1.6
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42286
    
The jasypt library is about encryption, not authentication. What are you actually trying to accomplish?

As an aside, you don't need any library to use SHA-1 (which you shouldn't be using to begin with due to its vulnerabilities - use SHA-2 instead).


Gaurav Aggarwall
Greenhorn

Joined: Aug 29, 2009
Posts: 22
I am making my final year project on office automation. I am using only core Java.
For the application's authentication purpose, I want to use a hash algorithm and store the generated hash value in the database, so that if somebody gets into the database, he may not get the password. Whenever a user enters login details, his password is passed through the hash algorithm and the generated value is compared with the stored value.
I hope you understood what I am trying to do.
For this purpose I want to use jasypt.
Mike Peters
Ranch Hand

Joined: Oct 10, 2009
Posts: 67

As an addition to Ulf's advice: http://download.oracle.com/javase/6/docs/api/java/security/MessageDigest.html
 