-3

I'm currently working on my final project. So far I have a signup page that stores your username, email and password. For the password, it encrypts using a SHA algorithm, but I found out that SHA digests the password, thus making it undecryptable. I need your help so that I can find some sort of encryption-decryption code. Here is the code I have:

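    import java.awt.HeadlessException;
    import java.io.FileNotFoundException;
    import java.io.PrintWriter;
    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import javax.swing.JOptionPane;

    // Body of the button's action handler:
    try {
        String password = new String(jPasswordField1.getPassword());

        // Check the confirmation fields before anything is written to disk.
        if (!jTextField2.getText().equals(jTextField3.getText())
                || !password.equals(new String(jPasswordField2.getPassword()))) {
            JOptionPane.showMessageDialog(null, "Either your email or password are not corresponding. Please fix the issue.");
        } else {
            // "SHA" resolves to SHA-1, a one-way digest: there is nothing to decrypt.
            String algorithm = "SHA";
            byte[] plainText = password.getBytes(StandardCharsets.UTF_8);

            // A missing algorithm is reported by the catch below instead of causing a NullPointerException.
            MessageDigest md = MessageDigest.getInstance(algorithm);
            md.update(plainText);
            byte[] encodedPassword = md.digest();

            // Hex-encode the digest, two characters per byte.
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < encodedPassword.length; i++) {
                if ((encodedPassword[i] & 0xff) < 0x10) {
                    sb.append("0");
                }
                sb.append(Long.toString(encodedPassword[i] & 0xff, 16));
            }

            // try-with-resources closes the file on every path.
            try (PrintWriter arq = new PrintWriter(jTextField1.getText() + ".txt")) {
                arq.println("Username: " + jTextField1.getText());
                arq.println("Email: " + jTextField2.getText());
                arq.println("Password: " + sb.toString());
            }
            JOptionPane.showMessageDialog(null, "Account created!");
        }
    } catch (HeadlessException | FileNotFoundException | NoSuchAlgorithmException erro) {
        JOptionPane.showMessageDialog(null, "Error creating Account. Please try again.");
    }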

FYI, this code is imbued onto a button from a JForm. Thank you in advance for any help you may give.

Filburt
  • It would help if you added the relevant programming language tag (Java?). – Filburt Jun 22 '17 at 09:41
  • Sorry I forgot, yea the language used is Java. – KennenBalls Jun 22 '17 at 09:51
  • 1
    **Do not encrypt passwords**, when the attacker gains admin access he will also get the encryption key. Just using a hash function is not sufficient and just adding a salt does little to improve the security. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use a function such as `password_hash`, `PBKDF2`, `Bcrypt` or similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force. – zaph Jun 22 '17 at 15:22
  • This is just for a final project. It won't make it to the market, at least at this stage. This is only a simple/intermediate program so that it assures I have a good grade. – KennenBalls Jun 22 '17 at 15:57

1 Answer

-2

jBcrypt is another option if you are looking for encryption and decryption in Java. It is a password hashing function based on the Blowfish cipher. Following is sample code to encrypt and decrypt a password using jBcrypt.

Encryption:

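    import org.mindrot.jbcrypt.BCrypt;

    // gensalt() creates a fresh random salt, which is embedded in the returned hash string.
    public String hashPassword(String plainTextPassword) {
        return BCrypt.hashpw(plainTextPassword, BCrypt.gensalt());
    }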

Check for Password Match

    // checkpw() re-hashes the candidate with the salt stored in hashedPassword and compares.
    public boolean checkPass(String plainPassword, String hashedPassword) {
        return BCrypt.checkpw(plainPassword, hashedPassword);
    }

Reference: Password Encryption using jBcypt

Dhiraj Ray
  • 1
    There is no encryption or decryption taking place here. Please learn the difference between encryption and hashing and edit your answer. – Luke Joshua Park Jun 22 '17 at 12:25