encryption using java in web automation using webdriver
Question
I am in search for an Idea to encrypt the password (login password) and decrypt before typing.
Has anyone done such a thing?
I know that we have to be sure that encryption logic shouldn't be visible to users but I'm not sure how exactly to hide/secure it?
1 answers
solution1
1 2012-10-12 17:49:25
Fundamentally, any approach you take that is totally automated will be duplicatable by a user that can access the java program. All the ingredients they need to decrypt the password will be present in the program. If they are able to run the program, they can also just use it 'blindly' to decrypt the password for them.
However, you can try to make it difficult for a person who gains access to your filesystem to yield the unencrypted password.
You will be encrypting your password under some key K , using say AES-128.
Your challenge is then to make K hard to come by, so make it something that your program has to calculate every time. Then an attacker has to copy those calculations in order to yield the key, this would usually mean forcing them to reverse engineer the program - unless, as I say, they are able to simply run the program.
You could also make it so that the calculation relies on some remote value, stored on a webserver or such.
There are many approaches, but you're not going to do better than security-through-obscurity. It will never actually be secure as such. Just make something up :P
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.