
I have a Java Swing application which starts with a login page and should take the admin to the dashboard if the login is authenticated. As there is just 1 admin, there is just 1 username and password combination.

Right now, I am just inserting the username and password into the SQL table using a simple insert query. I am new at this, so I don't know how to go about this.

create table login (
    Emp_id INT AUTO_INCREMENT PRIMARY KEY,
    Emp_Fname VARCHAR(50),
    Emp_Lname VARCHAR(50),
    Username VARCHAR(50),
    Password VARCHAR(50)
);
insert into login (Emp_id, Emp_Fname, Emp_Lname, Username, Password) values (1, 'TestFName', 'TestLName', 'Test', 'Test');

Instead of storing passwords in plain text, I want them encrypted or hashed.

    Look at this [question](https://stackoverflow.com/questions/2860943/how-can-i-hash-a-password-in-java) or [this one](https://stackoverflow.com/questions/33085493/how-to-hash-a-password-with-sha-512-in-java). Do note the length of your password field has to fit the whole hash or you lose some of the mechanism strength – roookeee Jul 04 '19 at 19:53
  • See [How to securely hash passwords?](https://security.stackexchange.com/q/211) – Andreas Jul 04 '19 at 20:40
  • Do some **research**, e.g. web search for [`java store password`](https://www.google.com/search?q=java+store+password) – Andreas Jul 04 '19 at 20:40

1 Answer


I am currently typing from my phone so forgive me. It seems like you want your password to look like: eive29ceic28e8c38d9h3ce9h instead of "password123"

You can use something like SHA-1, which has an integration in Java with SHA256 and SHA512. Both of which can be found after a quick Google search. I personally used them in a project but ran this method recursively 100 times, using the result from one round as the input for the next. Then I extended the length of the string by using this scheme: password + password backwards + password + password. In my case the password got 4x512 bits long and seemed relatively secure. After that I saved it to a file and every time I want to login, I take the input and encrypt it and then compare it to my password in my file. If they match you're in. I know that you can crack SHA-1 by brute force. If you want something different try bcrypt, pbkdf2 or argon2.

I would like to give you links but that's hard on mobile. I hope this works out for you. Otherwise I will comment tomorrow morning.

Edit: look in your comments, there is a link to the algorithm I meant. Just put it in a for loop 100 times...

  • Appending the password in different forms to the original password as you suggest won't improve the security by a lot, rather use hash salt. – Marko Zajc Jul 29 '19 at 14:41
  • It actually does because as you may know: Length beats complexity every time. So using my method can help to extend the duration of brute force. If you need more security build an algorithm yourself to extend the length to maybe 10k or 100k length. More loss in performance (minimal) but higher security – Maximilian Horn Dec 16 '19 at 15:37