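How to Encrypt Password in Java?

Every software application requires a username and password in order to authenticate the valid user. A username can be anything like an email-id or just a combination of characters. But while creating a password, one must be very careful, because anyone with valid credentials can enter the system and access the information.

When a user sets his/her password, it is stored in the database as plain text. Storing the plain text as it is in the database is not secure at all. Hackers may break into the system and steal the passwords from the database.

To ensure the security of the user's password, it is encrypted using different encryption techniques. Using various encryption techniques, the plain text password is stored in an encrypted form in the database. There are many methods that can be used to encrypt the password, but hashing is one of the most popular encryption techniques. The encrypted hash value is generated using certain algorithms on the plain text password provided by the user.

Java programming supports several hashing techniques in order to encrypt a password.

The MD5 (Message Digest) is a very popular hashing algorithm. It is a cryptographic hash function that generates a 128-bit hash value. This algorithm is defined under the java.security package in Java programming.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Md5Example { // class name not given on the page
    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "examplePassword"; // sample value
        MessageDigest m = MessageDigest.getInstance("MD5");
        /* Add plain-text password bytes to digest using MD5 update() method. */
        m.update(password.getBytes(StandardCharsets.UTF_8));
        /* The bytes array has bytes in decimal form. Convert it to hexadecimal. */
        byte[] bytes = m.digest();
        StringBuilder s = new StringBuilder();
        for (byte b : bytes) {
            s.append(String.format("%02x", b));
        }
        /* Complete hashed password in hexadecimal format */
        String encryptedpassword = s.toString();
        /* Display the unencrypted and encrypted passwords. */
        System.out.println("Plain-text password: " + password);
        System.out.println("Encrypted password using MD5: " + encryptedpassword);
    }
}
```

Using SHA-256:

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Sha256Example { // class name not given on the page
    public static byte[] getSHA(String input) throws NoSuchAlgorithmException {
        /* MessageDigest instance for hashing using SHA256 */
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        /* digest() method called to calculate message digest of an input and return array of byte */
        return md.digest(input.getBytes(StandardCharsets.UTF_8));
    }

    public static String toHexString(byte[] hash) {
        /* Convert byte array of hash into digest */
        BigInteger number = new BigInteger(1, hash);
        StringBuilder hexString = new StringBuilder(number.toString(16));
        /* Pad with leading zeros so the digest always has two hex digits per byte */
        while (hexString.length() < hash.length * 2) {
            hexString.insert(0, '0');
        }
        return hexString.toString();
    }

    public static void main(String[] args) {
        try {
            String string1 = "examplePassword1"; // sample values
            String string2 = "examplePassword2";
            System.out.println("\n" + string1 + " : " + toHexString(getSHA(string1)));
            System.out.println("\n" + string2 + " : " + toHexString(getSHA(string2)));
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Exception thrown for incorrect algorithm: " + e);
        }
    }
}
```

Using SHA-512, the MessageDigest instance is obtained as follows:

```java
/* MessageDigest instance for hashing using SHA512 */
MessageDigest md = MessageDigest.getInstance("SHA-512");
```

Using PBKDF2 with a salt value:

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Random;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PassEncTech4 {
    public static void main(String[] args) {
        String password = "examplePassword"; // sample value
        String saltvalue = PassBasedEnc.getSaltvalue(30);
        String encryptedpassword = PassBasedEnc.generateSecurePassword(password, saltvalue);

        /* Print out plain text password, encrypted password and salt value. */
        System.out.println("Plain text password = " + password);
        System.out.println("Secure password = " + encryptedpassword);
        System.out.println("Salt value = " + saltvalue);

        /* verify the original password and encrypted password */
        boolean status = PassBasedEnc.verifyUserPassword(password, encryptedpassword, saltvalue);
        System.out.println("Password matched = " + status);
    }
}

class PassBasedEnc {
    private static final Random random = new SecureRandom();
    private static final String characters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    private static final int iterations = 10000;
    private static final int keylength = 256;

    /* Method to generate the salt value. */
    public static String getSaltvalue(int length) {
        StringBuilder finalval = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            finalval.append(characters.charAt(random.nextInt(characters.length())));
        }
        return finalval.toString();
    }

    /* Method to generate the hash value */
    public static byte[] hash(char[] password, byte[] salt) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keylength);
        Arrays.fill(password, Character.MIN_VALUE);
        try {
            SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            return skf.generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new AssertionError("Error while hashing a password: " + e.getMessage(), e);
        }
    }

    /* Method to encrypt the password using the original password and salt value. */
    public static String generateSecurePassword(String password, String salt) {
        byte[] securePassword = hash(password.toCharArray(), salt.getBytes(StandardCharsets.UTF_8));
        String finalval = Base64.getEncoder().encodeToString(securePassword);
        return finalval;
    }

    /* Method to verify if both password matches or not */
    public static boolean verifyUserPassword(String providedPassword,
            String securedPassword, String salt) {
        /* Generate New secure password with the same salt */
        String newSecurePassword = generateSecurePassword(providedPassword, salt);
        /* Base64 is case-sensitive, so compare exactly and in constant time */
        boolean finalval = MessageDigest.isEqual(
                newSecurePassword.getBytes(StandardCharsets.UTF_8),
                securedPassword.getBytes(StandardCharsets.UTF_8));
        return finalval;
    }
}
```

Sample output (salt value and secure password lines):

```
Salt value = n7d9MPQFXxDqzT6onmong3hQt8Nyko
Secure password = sA0jNGQTrAfMUiqrB++bMKTU55ThdFCl16ZZTIXwD2M=
```

In the above code, two classes are defined. The class PassEncTech4 contains the driver code for the program. It generates a salt value and encrypted password using the given plain-text password.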