code for encrypting password

**ranjithakd** · 09-15-2006, 05:01 AM

hello,

Please anyone could help me with code, where i have to encrypt the user password and store it in the database.

ie You would encrypt the password, store it in the database, and when a user tries to log-in you would encrypt the password entered and compare
it to the one in the database.

thanking you,
raji

**agent_x91** · 09-18-2006, 02:52 AM

Personally, I would use MD5 to encrypt the passwords; it is a pretty standard algorithm. I used this method in my own code and it works for me:

PHP Code:


public static String encrypt(String s)

 {

 try

  {

  MessageDigest dig=MessageDigest.getInstance("MD5");

  byte[] message=s.getBytes();

  dig.update(message);

  

  String the_message=new String(dig.digest());

  

  return the_message;

  }

 catch(NoSuchAlgorithmException e)

  {

  e.printStackTrace();

  }

 

 return null;

 }

Remember to import java.security.MessageDigest and java.security.NoSuchAlgorithmException

Btw I assume you're referring to an applet or a stand-alone application, I have little to no experience in JSP so I don't know how you could do this in JSP.

**ranjithakd** · 09-18-2006, 03:50 AM

thank you for your reply. Let me try this with.

**agent_x91** · 09-20-2006, 08:10 AM

Did it work OK?

**ranjithakd** · 09-21-2006, 04:42 AM

hello,
actually, iam working with JSP & servlet. more over i have to save the password in encrypted form. then in the next login i have to decript it & compare the password.so working on it. any way thank you once again to give me an idea.

thanking you

**drch** · 09-23-2006, 01:14 AM

Originally Posted by ranjithakd

hello,
actually, iam working with JSP & servlet. more over i have to save the password in encrypted form. then in the next login i have to decript it & compare the password.so working on it. any way thank you once again to give me an idea.

thanking you

The way that was suggested is a pretty standard way of doing it. You don't want the password to be decrypted so you use a one way hash, ie MD5. You store the encrypted version in the database. When a user supplies a password for login, you perform the same hash and compare it with the stored value.

Storing password information that can be decrypted is a bad practice.

**agent_x91** · 09-25-2006, 05:14 AM

Indeed, it's always best to compare encrypted passwords rather than decrypting them - if it can be decrypted so easily it's insecure. I don't know how to do the same thing in JSP, but I'd reccommend comparing encrypted passwords rather than using a decryptable method, and MD5 is probably your best bet.

Thread: code for encrypting password

Thread Tools

Display

code for encrypting password

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions