Hashing Passwords to Improve Security in JAVA

Developers should not have any access to User's password but User's passwords are stored database. So we need to save passwords in encrypted way.

Encrypt passwords while registration of User and storing them into database. Developer can see encrypted passwords but they can't know what is real password.
While Login verify the encrypted password with database.

Here we have to choose proper encrypting algorithm to encrypt password. That algorithm should give One to One relation between password and its encrypted state. SHA-1 algorithm gives unique encrypted value for every unique password.

Function to Encrypt password using SHA-1 algorithm and Salt

encryptNb - Number of Hashing or Encryption

salt - Random string is to be added to password to improves security.

    public static String getEncryptedPassword(String password)
            throws NoSuchAlgorithmException, UnsupportedEncodingException {
        int encryptNb = 8;
        byte[] salt = "fhkskjnkj938758xmclksjdlkjhu;pquyttp.xhdhhalqqqjjjlazxcnjiorutalmznvbvna;asi"
                .getBytes();
        MessageDigest digest = MessageDigest.getInstance("SHA-1");
        digest.reset();
        digest.update(salt);
        byte[] hashBytes = digest.digest(password.getBytes("UTF-8"));
        for (int i = 0; i < encryptNb; i++) {
            digest.reset();
            hashBytes = digest.digest(hashBytes);
        }
        return hashBytes.toString();
    }

→	Convert XML or JSON to Java Pojo Classes
→	Change Icon Color Online

SodhanaLibrary

Hashing Passwords to Improve Security in JAVA

Function to Encrypt password using SHA-1 algorithm and Salt

0 comments:

Post a Comment

Blogroll

Follow this blog by Email

My Online Tools

Catagories

Popular Posts