Developers should not have any access to users' passwords, yet those passwords have to be stored in the database. So passwords must be saved in an encrypted (one-way hashed) form, not as plain text.
  1. Encrypt the password during user registration and store only the encrypted value in the database. A developer can see the encrypted value but cannot learn the real password from it.
  2. At login, encrypt the submitted password the same way and compare the result with the value stored in the database.
Here we have to choose a proper algorithm for encrypting the password. It should give a one-to-one relation between a password and its encrypted state: the same password must always produce the same value, and different passwords must produce different values. The SHA-1 hash function is deterministic and one-way (the password cannot be recovered from its digest), so it gives a unique value for every unique password.

Function to encrypt a password using the SHA-1 algorithm and a salt

encryptNb - number of extra hashing rounds applied to the digest
salt - a random string that is mixed into the hash together with the password to improve security

    import java.io.UnsupportedEncodingException;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;

    public class PasswordUtil {
        public static String getEncryptedPassword(String password)
                throws NoSuchAlgorithmException, UnsupportedEncodingException {
            int encryptNb = 8; // number of extra hashing rounds
            // salt bytes fed into the digest before the password itself
            byte[] salt = "fhkskjnkj938758xmclksjdlkjhu;pquyttp.xhdhhalqqqjjjlazxcnjiorutalmznvbvna;asi"
                    .getBytes();
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.reset();
            digest.update(salt);
            byte[] hashBytes = digest.digest(password.getBytes("UTF-8"));
            for (int i = 0; i < encryptNb; i++) {
                digest.reset();
                hashBytes = digest.digest(hashBytes);
            }
            // byte[].toString() would only return the array's identity (e.g. "[B@1b6d3586"),
            // not the digest, so encode the hash bytes as hex before storing them
            StringBuilder hex = new StringBuilder();
            for (byte b : hashBytes) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        }
    }
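The two steps described above (hash at registration, re-hash and compare at login), as an added example that is not part of the original post. It keeps the post's salted, iterated SHA-1 construction but draws a fresh random salt per user with `SecureRandom` and stores it next to the hash, so two users with the same password get different records; the class, method names, the `salt$hash` record format and the sample password are assumptions. A handful of SHA-1 rounds is still fast to brute-force, so a dedicated password hash (PBKDF2, bcrypt or Argon2) is the better choice for production.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedPasswordStore {
    private static final int ROUNDS = 8;     // same extra-round count as the post
    private static final int SALT_BYTES = 16;

    // Salted, iterated SHA-1 exactly as in the post, but the salt is a parameter
    static byte[] hash(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-1");
        digest.update(salt);
        byte[] h = digest.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 0; i < ROUNDS; i++) {
            digest.reset();
            h = digest.digest(h);
        }
        return h;
    }

    // Step 1 (registration): fresh random salt per user; store "salt$hash" in the DB column
    static String register(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + "$" + b64.encodeToString(hash(salt, password));
    }

    // Step 2 (login): split the stored record, recompute with the stored salt, compare in constant time
    static boolean verify(String stored, String password) throws NoSuchAlgorithmException {
        String[] parts = stored.split("\\$", 2);
        if (parts.length != 2) return false;   // malformed record: treat as failed login
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] salt = b64.decode(parts[0]);
        byte[] expected = b64.decode(parts[1]);
        // MessageDigest.isEqual does not stop at the first mismatching byte
        return MessageDigest.isEqual(expected, hash(salt, password));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String record = register("correct horse battery staple");   // constructed sample password
        System.out.println("stored: " + record);
        System.out.println("right password accepted: " + verify(record, "correct horse battery staple"));
        System.out.println("wrong password accepted: " + verify(record, "Tr0ub4dor&3"));
        // two registrations of the same password yield different records because the salt differs
        System.out.println("records differ: " + !record.equals(register("correct horse battery staple")));
    }
}
```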
