• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Password Encryption and Decryption

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,


Can somebody help me out in encryption and decryption of a password?
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The JavaDocs are a good place to start. There is good related documentation linked from there too.
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can you explain in more detail what you want to do? Do you want to store passwords in a database or file or somewhere else in encrypted form?

One technique that is used very frequently (for example, it is how most versions of Unix store passwords of user accounts in the file /etc/passwd) is the following:

Instead of storing the password itself, you store a "digest" of the password. There are several different algorithms to create the digest, for example SHA and MD5. Those digest algorithms are one-way algorithms: you can encrypt data with them, but it is not possible to decrypt it (you can't get the original data back out of the digest).

When someone logs on to your system, the user types in his or her password. Your program now computes the digest of the password that the user typed in, and compares that digest to the digest in the database. If the two are the same, then the correct password was typed in.

So you see, the trick here is that if you know the digest, you don't know the password, because the algorithm only works one way.

Java has methods to compute digests over data: see the class java.security.MessageDigest.
 
Bunty Paul
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Jesper Young:
Can you explain in more detail what you want to do? Do you want to store passwords in a database or file or somewhere else in encrypted form?

One technique that is used very frequently (for example, it is how most versions of Unix store passwords of user accounts in the file /etc/passwd) is the following:

Instead of storing the password itself, you store a "digest" of the password. There are several different algorithms to create the digest, for example SHA and MD5. Those digest algorithms are one-way algorithms: you can encrypt data with them, but it is not possible to decrypt it (you can't get the original data back out of the digest).

When someone logs on to your system, the user types in his or her password. Your program now computes the digest of the password that the user typed in, and compares that digest to the digest in the database. If the two are the same, then the correct password was typed in.

So you see, the trick here is that if you know the digest, you don't know the password, because the algorithm only works one way.

Java has methods to compute digests over data: see the class java.security.MessageDigest.



I want to store the pasword in a mysql database table in encrypted form.
Again i need to decrypt whenever i need, for example during password verification
I want some encryption and decryption program in java using any algorithm.
I have got lot of encryption methods through google but have not got any decrypion algorithm
 
author
Posts: 23958
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Bunty Paul:

I want to store the pasword in a mysql database table in encrypted form.
Again i need to decrypt whenever i need, for example during password verification
I want some encryption and decryption program in java using any algorithm.
I have got lot of encryption methods through google but have not got any decrypion algorithm



Take a look at Jesper's post again. He is suggesting that decrypt is *not* necessary for the case of passwork validation. Basically, you challenge the user for the password, you then encrypt the value entered, and compared it with the encrypted password -- no need for decrypt.

Anyway... if this is a case where you need to decrypt. Google for the javax.crypto.Cipher class. It is built into Java 1.4 core, and supports a large number of algorithms.

Henry
 
lowercase baba
Posts: 13091
67
Chrome Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Being able to decrypt a password is a bad idea. If someone gets access to your database, they have access to everything by decrypting passwords. it is inherently unsafe.

I don't understand why you need to decrypt for password verification. you're saying you want to decrypt the password, and compare that to what the user types in. instead, you should encrypt what the user types in, and compare that to the stored, encrypted password.
 
Why is the word "abbreviation" so long? And this ad is so short?
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic