How to prevent password re-generating?

Question

I use Hibernate annotation to encrypt password

@ColumnTransformer(write = "crypt(?, gen_salt(...))")
private String password;

But after updating the entity I see in logs that password re-generated.

 password=crypt('$2a$...

How to prevent this field from another encryption while saving the object?

keep a list of existing passwords and store all the generated passwords in thre. — Stultuske, Sep 04 '19 at 11:46
Your question lacks details. Right before updating, what is the content of `password` ? Is your salt the same between two iterations ? — Lou_is, Sep 04 '19 at 15:54
@Lou_is, when firstly saved, password contains a hashed value, when updating it replaces with hash from previously hashed value. The salt stays the same — Daria Bulanova, Sep 04 '19 at 16:01
Understood. What do you use the password for? User authentication? — Lou_is, Sep 04 '19 at 17:07

score 1 · Answer 1 · answered Sep 05 '19 at 11:31

Two possible solutions here, my guess is you should go for the second:

Either you need the clear password for some reason, and then you should use a "decrypt" statement on table read, see example 73 in section 2.3.19.

Or you only need to check if the user has sent the right password, and should use a hash function and not encryption. See the difference between hash and encryption, and when to use each.

score 0 · Accepted Answer · answered Sep 05 '19 at 16:19

0

Use that configuration

@Column(name = "password", nullable = false, updatable = false)

answered Sep 05 '19 at 16:19

Daria Bulanova

2 Answers2