• Post Reply Bookmark Topic Watch Topic
  • New Topic

String encryption

 
Eric Larsen
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Okay, I'm writing a program that has to be able to verify a username and password to log on a user. I plan on doing this with a .txt file and some sort of system to encrypt the password or the password and the username.

1. Is this the right/best/most secure way to go about this?
2. How would I design this? I have a feeling I'll need to use either javax.crypto or java.security.

NOTE: I don't have much knowledge or experience with this kind of thing, so a link to a tutorial or a detailed explanation of what all is involved would be VERY much appreciated.

Thanks in advance for the help!

The code for the server so far (without the file I/O) :

 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't understand where the file fits in (are you planning to store encrypted usernames/passwords in it?), but be aware that any time you encrypt something you're changing the problem of protecting a list of passwords into the problem of protecting the encryption key (which may or may not be any easier to solve).

The usual approach to protecting passwords is to hash -or digest- them. That's a one-way "encryption" that can not be reversed. The benefit of that is that there's no key to protect, and that the list of hashed passwords -should it ever fall into the wrong hands- can't be used to log into the system.

The Java API for encryption is called JCE, and you can find some relevant links -including complete example source codes- in the http://faq.javaranch.com/java/SecurityFaq.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!