Nischint Ramesh

Greenhorn
since May 18, 2011

Recent posts by Nischint Ramesh

James Sabre wrote:Your code for writing and reading the key is seriously flawed. You must close the key file when writing it and you cannot rely on the read() to read the whole of your key file when reading it. Read the Javadoc for InputStream.read(byte[] ) to see why. The safest way to read the file is to use DataInputStream.readFully(). For example -

Though failure of your read() to read the whole key could cause the BadPaddingException I have never seen this problem on a lightly loaded system.

The difficulty I had with your code is that you don't return the ciphertext or cleartext from your encrypt() and decrypt() methods yet you say your BadPaddingException occurs only when you do! After changing your code so it returns the cleartext/ciphertext I don't see your problem and don't get the BadPaddingException. There are three common causes of BadPaddingException. First if the key used is incorrect, second if the ciphertext is corrupted and third if you try to decrypt something that is not encrypted. From your test harness I suspect you are trying to decrypt something that has not been encrypted OR that your key is not being read or written properly.

Note - it is considered insecure to encrypt and store passwords. It is normally better to use a randomly seeded hashing so that nobody can easily obtain the original password from the hashed password. Even if you do have to encrypt the passwords, it is not considered secure to use ECB mode (the mode you get by default) since it is open to fraud by splicing of ciphertext and more worryingly it will allow someone with access to the database to determine which people have the same password. You should use something like CBC mode with a random IV.



Thanks a lot for your code for reading and writing keys. I shall surely use the method you suggested.

I found the problem of BadPaddingException. The application was truncating the ciphertext to 20 characters as it was a default length used in the app. Thing is, there is lots of code in between the encrypting, storing and decrypting logic above. I have just posted the logic where I thought the problem would exist.

About your note on using a one-way hash algorithm for storing passwords: it cannot be done in the case of my requirement, as there would be no prompting user for password and checking against the hash on the other end. I'm basically "sending the password of some machine to someone who doesn't know what his password is".

I shall look into CBC mode for block. I do not know what an IV is. Could you just guide me regarding CBC and random IV?

Thanks a lot again.
11 years ago
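
Added example, not code from the thread or from either poster: a sketch of the CBC-with-random-IV approach suggested in the quoted reply, which also shows a stored value truncated to 20 characters being rejected before decryption. The class name `CbcRandomIvDemo`, the in-memory AES key and the `Base64(IV || ciphertext)` storage layout are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class CbcRandomIvDemo { // hypothetical class name
    private static final int IV_LEN = 16; // AES block size in bytes

    // Returns Base64(IV || ciphertext); a fresh random IV is drawn on every call.
    static String encrypt(SecretKey key, String clear) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(clear.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length); // IV first, zero-filled tail
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);    // then the ciphertext
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(SecretKey key, String stored) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(stored);
        // Need the IV plus at least one whole block, and only whole blocks.
        if (in.length < 2 * IV_LEN || in.length % IV_LEN != 0)
            throw new GeneralSecurityException("stored value truncated or corrupted");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // assumption: key kept in memory for the demo
        String pw = "s3cret-sample";      // constructed sample value
        String a = encrypt(key, pw), b = encrypt(key, pw);
        System.out.println("same password, different ciphertexts: " + !a.equals(b));
        System.out.println("round trip ok: " + pw.equals(decrypt(key, a)));
        try {
            decrypt(key, a.substring(0, 20)); // the 20-character truncation from the post
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            System.out.println("truncated value rejected: " + e.getMessage());
        }
    }
}
```

Because the IV is stored alongside the ciphertext, any column or field holding the value must be sized for the full Base64 string (44 characters for this sample), not for the length of the original password.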
Hi All,
My Requirement : I have to encrypt a password entered in JPasswordField. After encryption store it in a file. Also I have to decrypt the password for some application purposes which shouldn't matter. I have to decrypt and get the password back is all.

I found the following code to be working :


I change the value of mode to decrypt and text to the encrypted string ( just copied and pasted from console ), the code works fine. No BadPaddingException whatsoever.
I have integrated the above class into my application ( without the main method of course ). Now I call encrypt and decrypt static methods.
Now when I do the following:

I get a BadPaddingException : Given final block not properly padded after the last code line. What could be the reason guys? The first code with main class works fine (please let me know if it shouldn't).
11 years ago