
This is a two-part question:

  1. How do I hash the user password in an Android application and store the hash in the database?

  2. How do I convert the user login password and check with the already stored hash in the database?

Note: I am only interested in the code related to Android (Java). If you could explain how to do this using Android Studio, that's much better.

rma
Jatin
  • Where is the database where you want to store the password? In my experience, the checking of the password would be taking place on the server side, _not_ on your local Android phone. – Tim Biegeleisen Jun 21 '17 at 04:29
  • Do you want to store the user password in a local db or on some remote server? – sumit Jun 21 '17 at 04:31
  • The password would be stored on the server side. But can you give the answer if I want to store it in a local db too? – Jatin Jun 21 '17 at 04:34
  • I think you should be able to use the [jBCrypt library](http://www.mindrot.org/projects/jBCrypt/) to calculate password hashes, though never tried it myself. – martinstoeckli Jun 21 '17 at 07:27

1 Answer


You can calculate the PBKDF2 hash of a string in Android using the linked code. If you want to store the password locally, store that hashed string in a local SQL database. If you want to convert the login password, just hash the password that the user enters, and perform a SQL query in the local database to compare that new hashed password with the one stored in the database. However, I would recommend not storing the password on your phone and using a remote database instead. Depending on the DB you use, the answer for how to store and get the data will be different. However, you can still calculate the PBKDF2 hash in the same way.

rma
  • No, please don't recommend MD5 for password hashing; it is way too fast and can be brute-forced with [20 Giga MD5 per second](http://thepasswordproject.com/oclhashcat_benchmarking). Recommended password-hash functions are BCrypt, SCrypt, PBKDF2 and Argon2. – martinstoeckli Jun 21 '17 at 07:21
  • Ok, I didn't know that. Thank you for the clarification! Edited answer to reflect this. – rma Jun 22 '17 at 04:18
  • @JohnDoe I get the concept in theory, but can you provide me the code? The link that you provided takes me to further links and doesn't actually provide any code. – Jatin Jun 22 '17 at 04:40
  • For the md5 hash, check this link (https://stackoverflow.com/questions/4846484/md5-hashing-in-android) out, and for the PBKDF2 encryption/decryption, check out this github link (https://gist.github.com/scotttam/874426) – rma Jun 22 '17 at 07:46