
I am storing passwords for my users as an encrypted string. If I open a user to edit in the admin console, the entire encrypted string is not copied over, and if I save the user, their password no longer works. I'm guessing the encryption is creating characters that interfere with the data viewer and say the field is ending before it really is. Is this a problem with App Engine or should I be storing my passwords as a different type? If any other information is needed I will be happy to provide more details.

Below is the hashing method I use; this is directly saved into the data store.

```java
public String getHash(String password, byte[] salt) throws NoSuchAlgorithmException, UnsupportedEncodingException {
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.reset();
    md.update(salt);
    return new String(md.digest(password.getBytes("UTF-8")));
}
```
Lumpy
  • added hashing method in question – Lumpy Jan 30 '12 at 16:22
  • I think your guess is correct; `digest` returns the digest in binary format, which may very well contain non-printable characters. Storing the digest in its hex representation would make it easier to copy and paste from the datastore viewer, although it's apparently a bit convoluted to do the conversion in Java. (see http://stackoverflow.com/questions/332079/in-java-how-do-i-convert-a-byte-array-to-a-string-of-hex-digits-while-keeping-l) – Wooble Jan 30 '12 at 16:35
  • If you post this as an answer I'll accept – Lumpy Jan 31 '12 at 16:23
  • Use either hex or Base64. As @Wooble says, the digest is bytes, not characters. You need to make the bytes into something that can be recognised as a string, hex, Base64, Base32 or similar. Hex is easiest to hand-code. Base64 is most compact. – rossum Feb 01 '12 at 00:07
  • If right now I only have their password stored as a string, can I convert this to hex? – Lumpy Feb 01 '12 at 18:44
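
The hex and Base64 encodings suggested in the comments, as an added example that is not code from any participant in this thread. It keeps the question's salted SHA-256 but stores the digest as text, and it also checks whether the raw bytes survive a trip through `new String(...)`. The class name, the sample password and the use of UTF-8 for that round trip are assumptions (the original code used the platform default charset).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class DigestEncodingDemo {  // hypothetical class name
    // Same salted SHA-256 as the question's getHash, but returning the raw bytes.
    static byte[] digest(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Hand-coded hex: two lowercase hex digits per byte, always printable ASCII.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(Character.forDigit((b >> 4) & 0xF, 16));
            sb.append(Character.forDigit(b & 0xF, 16));
        }
        return sb.toString();
    }

    // Re-hash the attempt and compare encoded forms without an early exit.
    static boolean verify(String attempt, byte[] salt, String storedHex) throws NoSuchAlgorithmException {
        byte[] candidate = toHex(digest(attempt, salt)).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(candidate, storedHex.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] raw = digest("correct horse", salt);  // constructed sample password

        // Bytes that are not valid UTF-8 are replaced during decoding, so this is lossy.
        String lossy = new String(raw, StandardCharsets.UTF_8);
        boolean survived = Arrays.equals(raw, lossy.getBytes(StandardCharsets.UTF_8));
        System.out.println("raw bytes survive new String(): " + survived);

        String hex = toHex(raw);
        System.out.println("hex (" + hex.length() + " chars): " + hex);
        System.out.println("base64: " + Base64.getEncoder().encodeToString(raw));
        System.out.println("verify good/bad: " + verify("correct horse", salt, hex)
                + "/" + verify("wrong", salt, hex));
    }
}
```

The salt is raw bytes too, so it needs the same hex or Base64 treatment before it is stored as a string.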

0 Answers