
How to salt and hash a password and store it in Java, then check whether it matches a user's manual input

So I'm coding a register and a log-in system in Java. My plan for the register is: the user enters a username, then enters a password.

The password gets salted and stored in a .txt file. Now, when the user has to enter the password to the log-in system, how do I retrieve the original password from the .txt file to check it, since it's salted?

My questions are two: how do I salt the password and then store it, and how do I retrieve the original password so I can check it?

I have searched a lot, but I found nothing about this.

You save both the salted password and the salt. So when saving the password you do the following:

  • create a salt (random hash of a certain length)
  • hash the password + salt combination
  • store this hashed string, but also store the salt and the username.

Do NOT store the plaintext password!

When a user tries to log in later, you do the following:

  • retrieve the hashed password and salt (stored together with the username, so look up by username)
  • hash the password (provided by user who wants to log in) + salt
  • compare this hashed string with the hashed password you stored.
  • If they are equal, the user provided the correct password.

So you never compare the plaintext password a user provides with a plaintext password you saved, because it is insecure to save plaintext passwords, in case this data gets compromised.
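
An added example, not code from the original answer: the register and log-in steps above in Java. It swaps the plain hash of password + salt for PBKDF2-HMAC-SHA256 from the JDK; the class name, the record format and the iteration count are assumptions of this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical class for this example; the parameters below are assumptions.
public class PasswordStore {
    private static final int ITERATIONS = 210_000; // work factor, stored per record
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;

    // Slow salted hash: PBKDF2-HMAC-SHA256 over the password and salt.
    static byte[] hash(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's copy of the password
        }
    }

    // Registration: returns the line to append to the .txt file.
    // Constructed format: username:iterations:salt:hash (username must not contain ':').
    static String register(String username, char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh random salt per user
        Base64.Encoder b64 = Base64.getEncoder();
        return username + ":" + ITERATIONS + ":" + b64.encodeToString(salt)
                + ":" + b64.encodeToString(hash(password, salt, ITERATIONS));
    }

    // Login: re-hash the typed password with the stored salt, then compare hashes.
    static boolean verify(String storedLine, char[] typed) throws Exception {
        String[] f = storedLine.split(":");
        if (f.length != 4) return false; // malformed record
        byte[] salt = Base64.getDecoder().decode(f[2]);
        byte[] expected = Base64.getDecoder().decode(f[3]);
        byte[] actual = hash(typed, salt, Integer.parseInt(f[1]));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        String line = register("alice", "correct horse".toCharArray()); // constructed sample
        System.out.println(verify(line, "correct horse".toCharArray()));
        System.out.println(verify(line, "wrong guess".toCharArray()));
    }
}
```

The original password is never recovered at login; only the stored hash and the freshly computed one are compared.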
