new String(md.digest()))
This method to authenticate the user is fine?After encryption I will be storing it into database. And when next time user login again at that time I will again encrypt it and match it with the one stored in database(already in encrypted form).
This method to authenticate the user is fine?
why can't we store the password in plain text?
Originally posted by Ulf Dittmer:
You can, but you shouldn't. Passwords are always of interest to attackers
Vikas Kapoor wrote:After one and half year I ran into one technical problem.
Before : User Password -> SHA-1 -> Base64 - database (varchar)
Now, I come to know SHA-1 is weak and better option like SHA-2 should be used. But when I apply Base64 encoding after processing password using SHA-2, it reaches its limit of Maximum encoded line length (that is 76) Ref : Base 64. It adds line feed(10) and carriage return (13) into that encoded string.
I have two options,
1) Find a Java encoder which has higher Maximum encoded line length. Any input?
2) Rather than storing varchar, I store blob and just get rid of encoder altogether. I can compare blob data to authenticate the user.
Please give some suggestions.
Retired horse trader.
Note: double-underline links may be advertisements automatically added by this site and are probably not endorsed by me.
If not you should. There is little point to use sha2 if you are not using a seeded digest.
Vikas Kapoor wrote:I do not know what is 'seeded digest'?
If not you should. There is little point to use sha2 if you are not using a seeded digest.
I do not follow this too.
Nice to meet you.
greg stark wrote:A "seed" is more commonly called a salt in this context.
Henry Wong wrote:
greg stark wrote:A "seed" is more commonly called a salt in this context.
You're absolutely right. I was thinking salt. I guess I actually don't know what a "seeded digest" is.
Sorry for the confusion,
Henry
Retired horse trader.
Note: double-underline links may be advertisements automatically added by this site and are probably not endorsed by me.
Those are the largest trousers in the world! Especially when next to this ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
|