Hashing Passwords to Improve Security in JAVA

Developers should not have any access to User's password but User's passwords are stored database. So we need to save passwords in encrypted way.

Encrypt passwords while registration of User and storing them into database. Developer can see encrypted passwords but they can't know what is real password.
While Login verify the encrypted password with database.

Here we have to choose proper encrypting algorithm to encrypt password. That algorithm should give One to One relation between password and its encrypted state. SHA-1 algorithm gives unique encrypted value for every unique password.

Function to Encrypt password using SHA-1 algorithm and Salt

encryptNb - Number of Hashing or Encryption

salt - Random string is to be added to password to improves security.

    public static String getEncryptedPassword(String password)
            throws NoSuchAlgorithmException, UnsupportedEncodingException {
        int encryptNb = 8;
        byte[] salt = "fhkskjnkj938758xmclksjdlkjhu;pquyttp.xhdhhalqqqjjjlazxcnjiorutalmznvbvna;asi"
                .getBytes();
        MessageDigest digest = MessageDigest.getInstance("SHA-1");
        digest.reset();
        digest.update(salt);
        byte[] hashBytes = digest.digest(password.getBytes("UTF-8"));
        for (int i = 0; i < encryptNb; i++) {
            digest.reset();
            hashBytes = digest.digest(hashBytes);
        }
        return hashBytes.toString();
    }

1 comment:

Unknown24 May 2019 at 21:07
It is essential to secure our data so that it cannot be use by unauthorized people. Data can be in any form this https://www.resumewriterslist.com/best-it-cv-writers-online/ site where media are common so it is essential to use some password scheme to sure the privacy of data. Overall likable..!!

→	Convert XML or JSON to Java Pojo Classes
→	Change Icon Color Online

SodhanaLibrary