Irrevrsible Password encryption.
3 posts in topic
Flat View  Flat View
Older Post First |   Reply to Topic
TOPIC ACTIONS:
 

Posted By:   mm_rao
Posted On:   Wednesday, October 23, 2002 08:12 AM

I want to write a java class which encrypts the user password and compares the value( encrypted value)stored in the database at the time of authontication.
But the requirement is that if any hacker gets the password from the data base and gets the java class I am writing, he should not able to generate the original value of the password from the decrypted value.
Any help will be greatly appreciated.
Thanks in advance,
--MM.

Report | Quote This | Send private message | Reply | Print

Re: Irrevrsible Password encryption.

Posted By:   Adrian_K  
Posted On:   Wednesday, October 23, 2002 10:00 AM

Look at java.security, there you can find the MessageDigest class. the use is:


MessageDigest md5 = MessageDigest.getInstance("MD5");
md5.update("text to encrypt");
Report | Quote This | Send private message | Reply | Print

Re: Irrevrsible Password encryption.

Posted By:   John_Pletka  
Posted On:   Wednesday, October 23, 2002 09:57 AM

This code will one-way hash the password. Just compare the hashes to see if the password matches

public static final String hashPassword(String clearTextPassword)
{
	java.security.MessageDigest sha = null;
	try{
		sha = java.security.MessageDigest.getInstance("SHA-1");
	}catch(java.security.NoSuchAlgorithmException nsae){
		nsae.printStackTrace();
		return clearTextPassword;
	}
	sha.update(clearTextPassword.getBytes());
	byte[] pwHash = sha.digest();
	return "{sha}"+Base64.encode(pwHash);
}
Report | Quote This | Send private message | Reply | Print

Re: Irrevrsible Password encryption.

Posted By:   Jeff_Hubbach  
Posted On:   Wednesday, October 23, 2002 08:29 AM

Do a search on Google for one-way encryption. Then, if you have problems implementing it, come back.
Report | Quote This | Send private message | Reply | Print
About | Sitemap | Contact