I want an algorithm that can encrypt my username when it is first inserted into the database, and later on when I want to show the username in the application after logging in to the application with that username itself, as the user will enter the decrypted form of the username. We are already using password encryption in our application, but this is a one-way process as we are not showing that anywhere else, so I encrypted it only once, when it was first inserted into the application. I want a different approach for the username, as I need to use it both in the login process and to show it in the application as well.
So, please suggest the best possible algorithm that can be used in this context without compromising on security.
What is the point of encrypting the username? Against what kind of attack are you trying to protect it?
posted 8 years ago
This can be anything, like an ISBN number of the publishing book and a credit card number of the bank, or anything else. In both cases, when the user needs to log in to the system for a particular ISBN/credit card, the client requirement is to put that in encrypted format in the database, decrypt it when the user needs to log in to the system to check it, and after that show it in the application as well.
You have a fairly steep learning curve. A forum is a great place for ironing out problems but not good as a tutorial on a subject. If you are really serious about this and want to create a secure system then you need to spend a lot of time learning the basics. A good starting point is "Beginning Cryptography with Java" by David Hook published by Wrox.
Retired horse trader.
posted 8 years ago
As James said, cryptography is a big subject, and unless you know exactly what you're doing it's easy to end up with an insecure system. So the starting point should be to make certain you understand *why* it's used. If all you know about the answer to that is "the client said so", I suggest discussing the requirements in detail with the client until you understand the reason behind it. Only then will you (and we) be able to make suggestions on how to approach this.
Putting in place security measures without knowing what kinds of attacks those measures should guard against makes no sense.