Home.... | log in.... | Pub my question! | Sign-up....

Advice on encryption technique

I have a program which requires a user to login. The username and password are stored in a Postgre database, with the password in clear text. In other words, when a user logs into the program the user/pass is checked against the database before continuing.

I want to make a change to the code, such that I can store a pre-encrypted password into the database, and have the password decrypted in the program.

I tried to use the AES algorithm using the Javax.crypto library, however the encrypted password won't store in my postgre database, which is currently set to accept 'varchar'. My assumption is, the database only allows UTF-8 text to be stored in it *shrug*.

Is there an easier method to encrypt/decrypt that will return utf-8 compliant results? Note, that the encryption really doesn't have to be fancy or 'uber' safe. My main concern is that it simply isn't cleartext.

Thanks!

[925 byte] By [AlMehdia] at [2007-11-27 10:44:31]

«« problem gettin output
»» Passing parameter/variable values to containers

# 1

Search this forum for 'password hash' or 'password hashing'. Also, you'll want to base64 encode the hashed password prior to storing it in the database. You can search for 'base64' in this forum.

ghstarka at 2007-7-28 20:07:21 >

top of Java-index,Security,Cryptography...

# 2

Don't do any of that. Store a one-way hash of the password, using a MessageDigest, hash the user entry, transmit that to the server, and compare the hashes for equality. Never store a password in any form. That way you can never be accused of leaking it.

ejpa at 2007-7-28 20:07:21 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Advice on encryption technique

Security Hot Topic

Security

All Classified