Is there a "easy" way to encrypt/decrypt a password.

Posted By:   Niklas_Jansson
Posted On:   Thursday, July 12, 2001 10:50 PM

What is the common way (if there is one) to encrypt and decrypt passwords?

The passwords and usernames are saved in a database.



Thanks in advance, Niklas

Re: Is there a "easy" way to encrypt/decrypt a password.

Posted By:   Cagan_Senturk  
Posted On:   Tuesday, July 17, 2001 02:32 PM

Niklas,
I posted a question in the Security Forum a few weeks ago. I had provided the code snippets in the problem description.
Basically, you create a message digest with the user's password, save that in the database, and every time the user tries to log in, you compare the message digest of the user's input against the value stored in the database.
Everything you need to do this is in the java.security package.

Re: Is there a "easy" way to encrypt/decrypt a password.

Posted By:   John_Mitchell  
Posted On:   Saturday, July 14, 2001 02:44 PM

In terms of Java, check out the javax.crypto.Cipher stuff in the JCE. This is talked about in, e.g., chapter 13 of the second edition of Scott Oaks' Java Security book and in chapter 6 of Jaworski and Perrone's Java Security Handbook.

Re: Is there a "easy" way to encrypt/decrypt a password.

Posted By:   Luigi_Viggiano  
Posted On:   Friday, July 13, 2001 12:43 AM

Most systems, like unix, don't store passwords, but a hash code calculated by applying an algorithm to the password and the current time (when the user subscribes). When the user inserts their password, the algorithm is applied to the inserted password and the time to reproduce the same hash code; if it matches, the user is authenticated. This is not the easiest way, but you can proceed as follows:

When a new user subscribes, you get the time as a long value and simply apply a XOR of the typed password with this long value, and store the hash code obtained somewhere. When the user logs in, their password is XORed with the long value representing the subscription timestamp, and if it matches the stored "hash" you let him enter. This is not complex and secure (because knowing the timestamp you can apply it to the hash and get back the original password), but is simple: XOR is considered the easiest way to encrypt data with a password because applying it twice with the same "key" you get back the original data.