The Artima Developer Community

Java Answers Forum
Password Encryption

3 replies on 1 page. Most recent reply: Aug 25, 2002 7:28 AM by Charles Bell

kevin

Posts: 9
Nickname: kev
Registered: Jun, 2002

Password Encryption Posted: Aug 23, 2002 10:37 PM
Hello, I'd like to ask about encrypted passwords in a web page. What I'm talking about is like the login page in Yahoo mail or just like in this Artima forum. What method should I use to encrypt the password? Is there any solution for me?

Thanks in advance.


Singh M.

Posts: 154
Nickname: ms
Registered: Mar, 2002

Re: Password Encryption Posted: Aug 24, 2002 3:49 AM
Well, you can use the encryption provided by the database. For example, MySQL has a function called Password.

thomas

Posts: 42
Nickname: turbomanic
Registered: Jul, 2002

Re: Password Encryption Posted: Aug 25, 2002 4:55 AM
There is a swing.crypto class that may help, but it is difficult to understand. It is in Java SDK 1.4; you could use it in an applet.

Charles Bell

Posts: 519
Nickname: charles
Registered: Feb, 2002

Re: Password Encryption Posted: Aug 25, 2002 7:28 AM
A very secure way of password encryption is to use a one-way hash function provided by the Java implementation of the Secure Hash Algorithm, or SHA.

You calculate the hash or digest of the user name and password to form a byte array that is stored in a file, and then compare that byte array with one calculated from a user login name and password.

Combining the user name and password prevents a hacker from simply trying common passwords. The hash or digest is in bytes. Even if a hacker could read the byte array stored in a file, he could not, even in a whole lifetime, guess or manually hack the user name and password combination that gives that byte array.
This way the actual valid user names and passwords are not in plain text anywhere, making hacking the system virtually impossible. If you log all login attempts, it's easy to see from a review of the log whether someone is trying to brute force an entry.
The following method does the computation of the 20 byte array.




import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Uses the SHA digest algorithm to compute a 20 byte array from the
 * user name and password.
 */
private byte[] makeDigest(String user, String password) {
    try {
        // "SHA" is the JCA name for SHA-1, which produces a 20-byte digest.
        MessageDigest messagedigest = MessageDigest.getInstance("SHA");
        // Use a fixed charset so the digest is the same on every platform.
        messagedigest.update(user.getBytes(StandardCharsets.UTF_8));
        messagedigest.update(password.getBytes(StandardCharsets.UTF_8));
        return messagedigest.digest();
    } catch (NoSuchAlgorithmException nsae) {
        // Fail loudly rather than return an all-zero array, which would
        // compare equal to any other digest computed during the same failure.
        throw new IllegalStateException("SHA digest not available", nsae);
    }
}


Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use