stackoom
  简体   繁体   中英

How to store password encrypted in database?

 原文  2011-03-15 10:00:35       java/ database/ encryption

Question

I am trying to store the password into the database in the encrypted form with the help of JSP and Servlets. How I can do that?

3 answers

solution1
 8  2011-12-28 08:38:04

Self-written algorithms are a security risk, and painful to maintain.
MD5 is not secure .

Use the bcrypt algorithm, provided by jBcrypt (open source): 

// Hash a password
String hashed = BCrypt.hashpw(password, BCrypt.gensalt());

// Check that an unencrypted password matches or not
if (BCrypt.checkpw(candidate, hashed))
    System.out.println("It matches");
else
    System.out.println("It does not match");

If you use Maven, you can get the library by inserting the following dependency in your pom.xml (if a newer version is available please let me know) : 

<dependency>
    <groupId>de.svenkubiak</groupId>
    <artifactId>jBCrypt</artifactId>
    <version>0.4.1</version>
</dependency>

solution2
 0  2011-03-15 10:06:45

Try something like this to encrypt your data. 

MessageDigest md = MessageDigest.getInstance("MD5");


......


synchronized (md) {

md.reset(); 
byte[] hash = md.digest(plainTextPassword.getBytes("CP1252"));

StringBuffer sb = new StringBuffer();
for (int i = 0; i < hash.length; ++i) {
sb.append(Integer.toHexString((hash[i] & 0xFF) | 0x100).toUpperCase().substring(1, 3));
}

String password = sb.toString();
}

solution3
 -1  2011-03-15 11:09:43

You can also use something like below. Below is a crypt method which takes a string input and will return and encrypted string. You can pass password to this method. 

public static String crypt(String str) {
    if (str == null || str.length() == 0) {
        throw new IllegalArgumentException(
                "String to encrypt cannot be null or zero length");
    }

    StringBuffer hexString = new StringBuffer();

    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(str.getBytes());
        byte[] hash = md.digest();

        for (int i = 0; i < hash.length; i++) {
            if ((0xff & hash[i]) < 0x10) {
                hexString.append("0"
                        + Integer.toHexString((0xFF & hash[i])));
            } else {
                hexString.append(Integer.toHexString(0xFF & hash[i]));
            }
        }
    } catch (NoSuchAlgorithmException e) {

    }

    return hexString.toString();
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to store password as encrypted in properties file in Spring encrypted database password MongoDb How to match original password with encrypted password entry in database on login How to connect UCanAccess to an Access database encrypted with a database password? How to store hashed password in database? HSQLDB reset password for encrypted database How to pass jasypt encrypted password to database through DataSourceBuilder Store encrypted password in mysql and decrypt while fetching how to store java application password safely in database Unable to save an encrypted password with BCryptPassword in database
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM