1

I'm building Android app that is intended for exactly one user per installation. Application needs to store username and password.

After validation, entered username and password are stored in shared preferences and both of them need to be entered every time the app starts.

Username field:android:inputType="textCapSentences"

Password field:android:inputType="textPassword"

My question is: what is the least painful way to encrypt/decrypt both values.

Encryption process doesn't have to be top notch since the application is for school project.

CleanCoder265
  • 574
  • 1
  • 5
  • 22

3 Answers3

3

There is no need to encrypt/decrypt the inputs.

In order to make them unreadable you just have to use a good one-to-one Hash-Function.

Let's say your hash function is 'h':

To store your values:

// Pseudo
SharedPrefs.put(USERNAME, h(input_username));

To validate your values:

// Pseudo
SharedPrefs.get(USERNAME).equals(h(input_username));
Erik
  • 73
  • 6
1

Never never encrypt passwords, use hashes

you can try this: Hash String via SHA-256 in Java

Save the password hash on your database, when the user logs in, hash the input, if the hash on your database is equal to the input hash then you know that the user typed the right password

Community
  • 1
  • 1
Tiago Oliveira
  • 1,582
  • 1
  • 16
  • 31
  • Can you explain why password encription is not a way to go? – CleanCoder265 Sep 03 '16 at 19:37
  • If you use encryption anyone can decompile your app, see your password and decrypt your users password, if you use a good hashing + salt it's almost impossible to get the password in one life time, cracking a hashed password takes a lot of years even with a super pc – Tiago Oliveira Sep 03 '16 at 19:42
0

Since you want to encrypt/decrypt the credential(username and password) every time when user starts the app. I'ld recommend you to use [Account Manager][1]

[1]: https://developer.android.com/reference/android/accounts/AccountManager.html that will handle it as well as secure.

nilesh soni
  • 1