3

I need to save a username and password in a text file, in this format: username#password. Is there a way in Java to hide password characters? So, if I open that txt file, the password cannot be read.

johnny94
  • 2
    *if i open that txt file password can not be read* If you can't read it, you can't use it - so it **must** be readable. I do hope you're not thinking that the username and password you put in such a file is going to be kept secret. Even if you encrypt the file, your program has the decryption key in it. And anyone with proper permissions - such as the person running the process - has access to the memory of the process and can get the username and the password. – Andrew Henle Aug 13 '16 at 14:58
  • 1
    More information is needed about the use: is this per user, on a user device, on a server? How is the password used and for what purpose? Who is the attacker and what value ($$) is being protected? – zaph Aug 13 '16 at 15:52
  • 2
    As zaph already said, you should write whether you really need to retrieve the password (e.g. to send it to another service), or if it is only needed for authentication. In the latter case you can store only a _hash_ of the password (BCrypt, SCrypt, PBKDF2) and verify an entered password with this hash. – martinstoeckli Aug 15 '16 at 21:15

3 Answers

2

A txt file is a plaintext file, meaning that you can't hide its content unless you encrypt it:

Simplest way to encrypt a text file in java

Alternatively, if changing the requirements is an option, you could store a hash instead of the password:

How can I hash a password in Java?

martriay
  • 2
    In general **do not encrypt passwords**, that is not secure. Additionally, how would you secure the encryption password? – zaph Aug 13 '16 at 15:53
0

Code is as follows:

```java
public class mjm {

    public static void main(String[] args) {
        // "xyz@gmail.com" is the ID and "abcd1234" is the password
        String k = "xyz@gmail.com#abcd1234";
        System.out.println(k);

        // Encryption starts here: XOR every character with 31
        char[] b = k.toCharArray();
        for (int a = 0; a < b.length; a++) {
            int c = (int) (b[a]);
            c = c ^ 31;
            b[a] = (char) c;
        }
        k = new String(b);
        System.out.println(k);

        // Decryption of the text encrypted above: XOR with 31 again
        b = k.toCharArray();
        for (int a = 0; a < b.length; a++) {
            int c = (int) (b[a]);
            c = c ^ 31;
            b[a] = (char) c;
        }
        k = new String(b);
        System.out.println(k);
    }
}
```

You must encrypt and decrypt with the same number, 31. The ID is xyz@gmail.com and the password is abcd1234 (both separated by a #).

The first for loop is to encrypt these to a text file which isn't readable. The second for loop is to decrypt the encrypted code back to normal. You just need to remember the XOR factor which is 31.

jmq
Mandar Sadye
  • **Do not encrypt passwords**; when the attacker gets the DB he will also get the encryption key. Further, this algorithm is horribly insecure! See the comment to @Zek. – zaph Aug 13 '16 at 15:48
0

For passwords, I strongly suggest looking for hash functions such as MD5, SHA-1, SHA-256, SHA-512, xxHash, etc. instead of encryption.

If you really want to use encryption, you may want to try AES. (https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)

Sample AES Java code: https://gist.github.com/bricef/2436364#file-aes-java

Ezekiel Baniaga
  • 1
    Just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead, iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force. – zaph Aug 13 '16 at 15:47
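
The approach the comments recommend (a salted, iterated hash stored in place of the password), as an added example that is not part of any post in this thread. It applies only when the password is needed for verification, not retrieval; the class name `PasswordRecord`, the line layout `username#iterations:salt:hash` and the iteration count are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example: writes "username#iterations:salt:hash" instead of "username#password".
public class PasswordRecord {
    // Assumed work factor; tune it so one derivation takes roughly 100 ms on your hardware.
    static final int ITERATIONS = 210_000;
    static final int SALT_BYTES = 16;
    static final int HASH_BITS = 256;

    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();  // wipe the copy of the password held by the spec
        }
    }

    // Builds the line to write to the text file; a fresh random salt is generated per record.
    static String createRecord(String username, char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return username + "#" + ITERATIONS + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(pbkdf2(password, salt, ITERATIONS));
    }

    // Re-derives the hash from the entered password and compares in constant time.
    static boolean verify(String record, char[] entered) throws GeneralSecurityException {
        // Base64 never contains '#', so the last '#' is always the field separator.
        String[] fields = record.substring(record.lastIndexOf('#') + 1).split(":");
        if (fields.length != 3) return false;  // malformed line
        byte[] salt = Base64.getDecoder().decode(fields[1]);
        byte[] expected = Base64.getDecoder().decode(fields[2]);
        return MessageDigest.isEqual(expected, pbkdf2(entered, salt, Integer.parseInt(fields[0])));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample credentials, reusing the values from the XOR answer above.
        String line = createRecord("xyz@gmail.com", "abcd1234".toCharArray());
        System.out.println(line);
        System.out.println(verify(line, "abcd1234".toCharArray()));
        System.out.println(verify(line, "wrong".toCharArray()));
    }
}
```

Storing the iteration count in each line lets the work factor be raised later without invalidating existing records.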