4

I need to encrypt a password to insert in a database. Also, when I need that password, I need to decrypt this value. What is the simple way to do this?

Note: This operation does not have to be very safe.

mekafe
  • 596
  • 4
  • 13
  • 32

2 Answers

11

Please don't implement your current plans; instead, you should use a MessageDigest to accomplish this. Apply a one-way cryptographic hash function to the user's password (e.g. one of SHA-256, SHA-384, and SHA-512 [and there are others]) and a SALT to prevent rainbow table based attacks. Finally, for password resets, just replace the current password hash.

As an example,

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class PasswordHash {
  // We need a bytesToHex method first. So, from -
  // http://stackoverflow.com/a/9855338/2970947
  protected static final char[] hexArray = "0123456789ABCDEF"
      .toCharArray();

  public static String bytesToHex(byte[] bytes) {
    char[] hexChars = new char[bytes.length * 2];
    int v;
    for (int j = 0; j < bytes.length; j++) {
      v = bytes[j] & 0xFF;                      // treat the byte as unsigned
      hexChars[j * 2] = hexArray[v >>> 4];      // high nibble
      hexChars[j * 2 + 1] = hexArray[v & 0x0F]; // low nibble
    }
    return new String(hexChars);
  }

  // Change this to something else.
  private static String SALT = "123456";

  // A password hashing method.
  public static String hashPassword(String in) {
    try {
      MessageDigest md = MessageDigest
          .getInstance("SHA-256");
      // Explicit charset so the hash does not depend on the platform default.
      md.update(SALT.getBytes(StandardCharsets.UTF_8));    // <-- Prepend SALT.
      md.update(in.getBytes(StandardCharsets.UTF_8));
      // md.update(SALT.getBytes(StandardCharsets.UTF_8)); // <-- Or, append SALT.

      byte[] out = md.digest();
      return bytesToHex(out);            // <-- Return the Hex Hash.
    } catch (NoSuchAlgorithmException e) {
      // Fail loudly instead of returning "" as if it were a valid hash.
      throw new IllegalStateException("SHA-256 not available", e);
    }
  }

  public static void main(String[] args) {
    System.out.println(hashPassword("Hello"));
    System.out.println(hashPassword("Hello"));
    System.out.println(hashPassword("Hello1"));
    System.out.println(hashPassword("Hello2"));
  }
}

Which should output

60C1E22D18D022F01EEF0CAF999E52FD44C0C8EFD2161E9F4D24120AB0AFC84D
60C1E22D18D022F01EEF0CAF999E52FD44C0C8EFD2161E9F4D24120AB0AFC84D
CAAC2288692DD57BADFAE0225A42E59E1979E0116D009EEF01912E8C75529515
E0A3963BFAF209A17422918CB1FC950A62858993CA9A7BA6F760B8D4688306FD

Demonstrating how tremendously different one character makes the resulting hash.

Elliott Frisch
  • 198,278
  • 20
  • 158
  • 249
  • 1
    Shouldn't it be "Just replace the current password hash"? – MGorgon Dec 30 '13 at 01:20
  • Oh! I understood, but I don't have much time. So is there any code that can do this? I tried some methods but could not make it. – mekafe Dec 30 '13 at 01:45
  • @Ellios Thank you very much. How can I decrypt this hash value? – mekafe Dec 30 '13 at 02:21
  • 3
    @mekafe You don't. That's the entire point. The user is the only one who can provide their "correct" password. Even if someone gets a copy of your password database, they cannot determine another user's password. – Elliott Frisch Dec 30 '13 at 02:25
  • Oh, but I need the value of the password, for example in login. I need to check the password. How will I do this? – mekafe Dec 30 '13 at 02:28
  • 1
    @mekafe The user gives you their password and you hash it again; if the hashed value matches the value stored in the database it's correct. Otherwise, it's incorrect. To change the password, verify the user's identity some other way and then replace the password hash. – Elliott Frisch Dec 30 '13 at 02:30
  • @mekafe That's why I hashed "Hello" twice, to show you that you'll get the same output with the same input... – Elliott Frisch Dec 30 '13 at 02:31
  • Yep, I got it. I'm trying now. – mekafe Dec 30 '13 at 02:36
  • This works if your system is the one that does the authentication, but not where you need to store a password in the DB to authenticate against a third-party. – Glenn Lawrence Mar 26 '15 at 03:18
1

One more way is to use an Encrypt class for encrypting your password with a randomly generated key value. But you need to store the key value in your DB for the encrypted password. Like this:

Integer randVal = random.nextInt();
Encrypt encrypt = new Encrypt();
// convert password to encrypted password
String encyppassword = encrypt.encryptText(
    Integer.toString(randVal),
    your_password);

While decrypting, you need to use the key value and the encrypted password. Like this:

Decrypt decrypt = new Decrypt();
Integer randVal = keyvalue_from_db;
String decryptedPassword = decrypt.decryptText(
    String.valueOf(randVal.toString()),
    encrypted_password);

Hope this helps.

Vinoth Krishnan
  • 2,925
  • 6
  • 29
  • 34