Password encrypt/decrypt

Question

kalaiselvi.v 0 Newbie Poster

17 Years Ago

i want to encrypt the password and store in the database.
i extract character find ascii value of that and changed that value and stored in the database.but when i use this it wont have much security.
can anyone help me for password encryption.i m using JSP+HTML

java

5 Contributors
4 Replies
1K Views
4 Years Discussion Span
Latest Post 13 Years Ago Latest Post by meprasobh

vinod_javas 65 Practically a Posting Shark

17 Years Ago

use some algorithm for encryption...like RC4 algorithm

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

peter_budo 2,532 Code tags enforcer Team Colleague Featured Poster · Answer 1 · 2007-02-20T15:00:58+00:00

You can even create your own encryption/decryption algorithm. Put all the characters which are allowed to be in username & password into array. Pickup some number for example 4 and if you get "a" in username/password replace it with "e" and you have your algorithm. But yes there is plenty algorithm online, but be aware for some of them you have to pay and secondly you need your server admin get add for you. Also you shouold use servlets not only JSP's.

tonakai 9 Junior Poster · Answer 2 · 2007-02-20T15:21:23+00:00

Pickup some number for example 4 and if you get "a" in username/password replace it with "e" and you have your algorithm.

isn't it ceasar cipher :P

if you want to store passwords in db, i suggest you cryptographic hash functions

with hashing even if someone broke into your database they only see hashed-passwords...

many languages have hashing API's you can easily find them in their documentations or in the internet.

meprasobh -3 Newbie Poster · Answer 3 · 2011-03-28T19:04:56+00:00

import javax.crypto.Cipher;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import java.security.Key;
import java.security.InvalidKeyException;


public class EncriptAndDecript {

    private static String algorithm = "DESede";
    private static Key key = null;
    private static Cipher cipher = null;
    private static EncriptAndDecript obj = new EncriptAndDecript();

    private EncriptAndDecript() {
        try {
            key = KeyGenerator.getInstance(algorithm).generateKey();
            cipher = Cipher.getInstance(algorithm);
        } catch (Exception e) {
        }
    }

    public static EncriptAndDecript getInstance() {
        return obj;
    }

    public static byte[] encrypt(String input)
            throws InvalidKeyException,
            BadPaddingException,
            IllegalBlockSizeException {
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] inputBytes = input.getBytes();
        return cipher.doFinal(inputBytes);
    }

    public static String getEncryptStringValue(String input) throws InvalidKeyException,
            BadPaddingException,
            IllegalBlockSizeException {
        return new String(encrypt(input));
    }

    
    public static String decrypt(byte[] encryptionBytes)
            throws InvalidKeyException,
            BadPaddingException,
            IllegalBlockSizeException {
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] recoveredBytes =
                cipher.doFinal(encryptionBytes);
        String recovered =
                new String(recoveredBytes);
        return recovered;
    }
}

1. Four years too late; 2. Having zero description on what that class is supposed to do; 3. Bad handling of excecptions