• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Java Cryptography Extension giving me different result every time

 
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i am using Java Cryptography Extension to encrypt/decrypt the password but it is giving me different encrypted string every time even though i am passing same string my sample code is as follows -

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;


public class Main {

public static void main(String arg[]) throws Exception {
for ( int i= 0 ; i < 1; i ++)
{
System.out.println(encrypt("admin"));
}
}

public static String encrypt(String x) throws Exception {
String pass = null ;
try{
KeyGenerator keygenerator = KeyGenerator.getInstance("AES");
keygenerator.init(128);
SecretKey myDesKey = keygenerator.generateKey();
Cipher desCipher;
desCipher = Cipher.getInstance("AES");
desCipher.init(Cipher.ENCRYPT_MODE, myDesKey);
byte[] text = x.getBytes();
byte[] textEncrypted = desCipher.doFinal(text);
pass = textEncrypted.toString();
}catch(Exception e){
e.printStackTrace();
}
return pass;
}
}


 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please UseCodeTags when you post source code.
 
Jesper de Jong
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You get a different result each time because you are generating a new, random encryption key every time.

You should generate the key only once, and then store it and re-use it for encrypting and decrypting.
 
sa sam
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually, i want to store that value into the database,
i will be very thankful if you gave me the example.
(just want to develop login page)
 
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You're asking how to store a value into a database?
 
sa sam
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i am not asking how to store value. i am asking about, how to get constant encryption value.
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jesper Young wrote:You should generate the key only once, and then store it and re-use it for encrypting and decrypting.

 
Ranch Hand
Posts: 1296
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually you should never need to decrypt the password. All you need is a one way hash, you can then store the hashed password in the database. When the user goes to login, you just hash the password that the user enters by the same method and check whether the two hashes are the same. You should also salt the password with a random salt to help prevent multiple accounts from being compromised using a rainbow table should your database become compromised. The salt can be stored in the database along with the hashed password. All this can easily be done using java.security.MessageDigest, and java.security.SecureRandom.


 
Jesper de Jong
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

ajay chavan wrote:i am not asking how to store value. i am asking about, how to get constant encryption value.


What your code above does, is like this: Every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And your questions is like: "Why does the key look different every time after I locked my door?". Answer: Because you're putting a new lock on the door every time...
 
author
Posts: 23951
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Jesper Young wrote:

ajay chavan wrote:i am not asking how to store value. i am asking about, how to get constant encryption value.


What your code above does, is like this: Every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And your questions is like: "Why does the key look different every time after I locked my door?". Answer: Because you're putting a new lock on the door every time...




Also, the key is not saved by the encrypt() method... so it more like "every time you go out of your house and lock the door, you put a completely new lock with a new key on the door. And throw away the key once you drive off".

Henry
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's even *more* secure than a one-time pad, it's like a *no*-time pad!

Finally, I can make my mark on sci.crypt!!
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic