
In JDK 1.4 API, how do I encrypt a user password that the user entered in a text box?

Developer https://www.devze.com 2023-03-27 16:05 Source: Internet
I need to encrypt the password the user enters in a text box on the UI, save it, and then decrypt it when the getPassword() method is called.


What is the correct JDK 1.4 API I should use?

Thanks in advance.


If you want to secure your passwords, you may want to use a hash algorithm like MD5 or SHA1. You don't want to decrypt the stored password to compare it with the one provided on login, but rather hash the provided password and compare the hashes.

Here is some documentation on the methods you can use to hash: https://www.owasp.org/index.php/Hashing_Java


There's an example here using the Java 1.4 Crypto interface for MD5 encryption:

http://download.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html#HmacEx

Blowfish: http://download.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html#BlowKeyEx


Just use Cipher with the "AES/CBC/PKCS5Padding" mechanism (in getInstance()). You can use a 128-bit (16-byte) AES key created using SecretKeySpec (this is already a key!). Higher bitrates will require unlimited encryption policy files to be installed. As I noted in a remark, please note that this is only obscuring the data, since the key will need to be stored with the application, so people that know what to do can retrieve both the password and key and decrypt the information outside of the application.

If you store multiple passwords with the same key, make sure you generate and store a separate random IV per password. The advice in this last paragraph is more to let you know how to encrypt stuff correctly, since it is easier to obtain the key than to decrypt the data without it anyway.
