I've run into a very strange circumstance and figured I would post here because I have no clue what's wrong. I have developed this Android app that involves passwords and I have a user with a saved encrypted AES string saved to a file. When a user logs into the system again with their password I need to see whether it equals the encrypted one already in the file.

So I grabbed it and tried to compare the two strings using the .equals method like always and to my surprise it didn't work.

Here are the two strings: What am I missing? Any help would be greatly appreciated since I don't even have a first step on how to solve this. I also tried compareTo == 0 and it didn't work either.

Thank you very much!!!

The first string is from the file, the second is the encrypted version of the password the user just entered:

o0JkTVCBcbZnePszCKp64/cOJx/W/dud/xszfvNjwGk=

o0JkTVCBcbZnePszCKp64/cOJx/W/dud/xszfvNjwGk=
Tastybrownies
  • If you could show the code with the equals, we might be able to help you. Otherwise, I don't see anything wrong. – Justin Nov 17 '13 at 07:23
  • Did you check that the `String` you're getting from the client doesn't have a trailing `\n` or something of the sort? – Mureinik Nov 17 '13 at 07:24
  • Also, I recommend using a `char[]` instead of a `String` for passwords (see http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords) – Justin Nov 17 '13 at 07:25
  • Also, (1) You shouldn't use AES, since it's reversible--use a hash instead, and (2) salt the hash. – chrylis -cautiouslyoptimistic- Nov 17 '13 at 07:27
  • The first string has CRLF; try to trim them. – Ran Adler Nov 17 '13 at 09:44
  • Those strings are clearly duds :-). Seriously, I've created an answer, but you should heed the advice given to you in the comments. Try and use e.g. PBKDF2 instead of AES. – Maarten Bodewes Nov 17 '13 at 12:31
  • @ran Instead of performing all sort of tricks on the base64 encoding, I've written an answer which explains to compare the data *within* the base64 encoding. I think that is more concise. – Maarten Bodewes Nov 17 '13 at 20:20

2 Answers

Base64 encoding is used to encode binary data into strings; the base64 string is not the data itself. To compare the data in the strings, first decode it to a byte array, then compare the byte arrays using the utility function in the Java Arrays class. This should avoid issues with e.g. white space both in and around the encoding.

Maarten Bodewes
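
The comparison described in the answer above, as an added Java example that is not part of the original answer. It assumes `java.util.Base64` (Java 8+, Android API 26+) and a constructed trailing CRLF on the value read from the file; the class and method names are hypothetical, and the MIME decoder and `MessageDigest.isEqual` are choices made for this example.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class Base64Compare {

    // Decode with the MIME decoder, which ignores line separators and any other
    // character outside the base64 alphabet, so a stray CR/LF cannot cause a mismatch.
    static byte[] decode(String encoded) {
        return Base64.getMimeDecoder().decode(encoded);
    }

    // Compare the decoded bytes, not the text that carries them.
    static boolean sameData(String storedB64, String candidateB64) {
        byte[] stored = decode(storedB64);
        byte[] candidate = decode(candidateB64);
        try {
            // Arrays.equals is the utility in the Arrays class the answer refers to.
            // MessageDigest.isEqual is a time-constant JDK alternative, chosen here
            // because the values being compared are derived from a password.
            return MessageDigest.isEqual(stored, candidate);
        } finally {
            // Wipe the decoded copies once the comparison is done.
            Arrays.fill(stored, (byte) 0);
            Arrays.fill(candidate, (byte) 0);
        }
    }

    public static void main(String[] args) {
        // Value taken from the question.
        String fromUser = "o0JkTVCBcbZnePszCKp64/cOJx/W/dud/xszfvNjwGk=";
        // Constructed: the same value as it might be read from a file, with a trailing CRLF.
        String fromFile = fromUser + "\r\n";

        System.out.println("String.equals:        " + fromFile.equals(fromUser));
        System.out.println("decoded, isEqual:     " + sameData(fromFile, fromUser));
        System.out.println("decoded, Arrays:      "
                + Arrays.equals(decode(fromFile), decode(fromUser)));
        // Constructed: a different value must still compare as unequal.
        System.out.println("different data:       " + sameData(fromFile, "AAAA"));
    }
}
```

On Android versions before API 26, `android.util.Base64` would take the place of `java.util.Base64`; its whitespace handling is not shown here.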

Sorry for being late, but it works for me: use .trim() on the encrypted String and then compare.