0

I am using AES256 encryption but it can be decrypt with secure key. And i hash the encrypted password and store in my DB. But the plain-text "password" encrypt different each time. And hash by BCrypt different each time.How can i store or check password when user submit his/her password? 

 AES256Encryption d = new AES256Encryption();


    String password = "password";
    System.out.println("password : " + password);
    String encPsw = d.encrypt(password);
    System.out.println("Encrypted string:" + encPsw);


    String hash = BCrypt.hashpw(encPsw, BCrypt.gensalt()); 
    System.out.println("hashed string : " + hash);

    if(BCrypt.checkpw(password,hash )){
        System.err.println("password matched!!");
    }else{
        System.err.println("password not matched!!");
    }

These codes always prints "password not matched!!". How can i compare user's password and hashed password from database?

ROOT
  • 153
  • 4
  • 19

1 Answers1

1

bcrypt is a password hashing function. If you want to verify a password, you have to provide the same password that was used to generate the hash.

Currently, you're generating a bcrypt hash over the an AES-encrypted password, but you check the hash with an unencrypted password. You could check the encrypted password:

if(BCrypt.checkpw(d.encrypt(password), hash)){

But this will break if AES256Encryption#encrypt is actually secure. Encryption is usually randomized (for semantic security). So encrypting it again will not lead to the same encrypted password that was previously hashed.

Furthermore, encrypting with AES doesn't really provide any more security than executing bcrypt on its own, if you have a static key. If AES256Encryption#encrypt is semantically secure (randomized), then you cannot mix AES and bcrypt. You will have to remove AES encryption.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
  • İn this article, on attemp five; https://nakedsecurity.sophos.com/2013/11/20/serious-security-how-to-store-your-users-passwords-safely/ he said use hash. If i only use AES, and store data, will it be decrypt ? And AES doesn't give the same encrypted password, it changes every time. My question is how can i store encrypted password, and when user try to log in how can i check for user password is true? – ROOT Jan 27 '16 at 06:59
  • That's what bcrypt is for. Passwords shouldn't be encrypted and decrypted. They must be hashed which bcrypt is sort of doing. AES is encryption and since you need the key close-by, it doesn't provide additional security. If you still want to use AES, then you need to encrypt the initial bcrypt-hash with AES and decrypt this encrypted-hash with AES before you pass it to `BCrypt.checkpw`. – Artjom B. Jan 27 '16 at 09:02
  • Yes it is true but after encrypt the hash i store it in DB and next time user wants to log in i check user's password plain-text with stored value, it will give me an exeption because hashed string and encrpted string changes every time. it is not same stored string. And i don't understand bcrypt is secure as AES? if i use bcrypt and AES is it not possible? And if i only use AES and store the encrypted password which key use for decrypt? – ROOT Jan 27 '16 at 10:02
  • You should never encrypt your user's passwords. You need to use hashing instead with some strong ones being PBKDF2, bcrypt, scrypt and Argon2. Since hash functions are one-way function, you won't be able to "decrypt" the hashes. In order to authenticate your user, you can run the password through the hash function again in order to compare with the hash that is stored in the database. See more: [How to securely hash passwords?](http://security.stackexchange.com/q/211/45523). AES *can* add security if you can keep the key secret, but *it needs a key*, which is usually close to the data. – Artjom B. Jan 27 '16 at 10:05
  • Just remove AES. bcrypt is enough for password verification. – Artjom B. Jan 27 '16 at 10:06
  • Thanks for your response. But i can not understanding. I only use AES how can i store encrypted password and check it is true? stored password not decrypted. – ROOT Jan 27 '16 at 12:19
  • What do you mean by *"I only use AES"*? You're clearly trying to use AES *and* bcrypt. – Artjom B. Jan 27 '16 at 12:22
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/101775/discussion-between-root-and-artjom-b). – ROOT Jan 27 '16 at 12:51