Java Forum / General / March 2006

Store encrypted password in database

kebabkongen@hotmail.com - 20 Mar 2006 15:54 GMT
Hi,
I am working on a Java application where I need to store encrypted
passwords in a database.

So far I have a password which I have encrypted using MessageDigest
class as below:

/*
 * encrypt password
 */
try {
    MessageDigest md = MessageDigest.getInstance("MD5");
    md.update(password.getBytes());
    byte[] hashedPwd = md.digest();
    kryptPwd = new String(hashedPwd);
} catch (Exception e) {
    System.out.println(e);
}

This returns an encrypted password, but the String that is returned has
very strange characters which I believe will introduce a lot of
problems when storing it in the database (when later
comparing/verifying the encrypted passwords using SQL).

I have noticed that stored passwords in an Oracle database have "normal
characters" (such as A-Z and 0-9). Is there some normal procedure for how to
convert the digested password to a more "database friendly" format?

Regards, Per Magnus
sross - 20 Mar 2006 16:42 GMT
Hi,
The strings you are seeing in your database are hex strings;
generally all digested strings you'll see will come in this format.
Googling for java+byte+array+to+hex+string should give you
the resources you need to do the conversion. I don't know of any
standard Java API for this.

Cheers,
 Sean.
Dave Mandelin - 21 Mar 2006 00:57 GMT
A semi-standard API, from Catalina/Tomcat/whatever:

String string = HexUtils.convert(byteAry);

Source code for HexUtils here.
http://www.koders.com/java/fid28EC79114EA6FDE798BDCFC0BC8F29078E37BB28.aspx

I actually didn't know about that method but I found it using my
Prospector web demo tool that I created as part of my research:

http://snobol.cs.berkeley.edu/prospector/search?dst=java.lang.String&src=byte[]

You may like it for other things too.
Roedy Green - 20 Mar 2006 22:45 GMT
>This returns an encrypted password, but the String that is returned has
>very strange characters which I believe will introduce a lot of
>problems when storing it in the database (when later
>comparing/verifying the encrypted passwords using SQL).

One common technique is to compute the SHA-1 and store it as a hex
string of 40 digits.

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Harri Tuuloskoski - 22 Mar 2006 07:29 GMT
> Hi,
> I am working on a Java application where I need to store encrypted
[quoted text clipped - 23 lines]
> characters" (as A-Z and 0-9). Is there some normal procedure of how to
> convert the digested password to a more "database friendly" format?

Change password field to binary format, and store digest "as is".
Then you don't need to do binary<->String conversions, which will
also remove your problems with "weird" Strings.

Also, using the MessageDigest.isEqual method removes the need for manually
checking hash equality. By using PreparedStatements with
setBinary/getBinary, things should work just fine.

--
Harri
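
An added example, not code from any poster in this thread: it hex-encodes hash bytes for a text column, as the replies above suggest, and verifies with MessageDigest.isEqual instead of comparing strings in SQL. It goes beyond the thread by swapping the single unsalted MD5 pass for salted PBKDF2. The class name, iteration count and sample passwords are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStoreExample {
    // Assumed work factor for this example; tune it for your own hardware.
    private static final int ITERATIONS = 210_000;
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    // Byte array -> lowercase hex, two characters per byte (safe for a VARCHAR column).
    static String toHex(byte[] bytes) {
        char[] out = new char[bytes.length * 2];
        for (int i = 0; i < bytes.length; i++) {
            out[2 * i] = HEX[(bytes[i] >> 4) & 0x0f];
            out[2 * i + 1] = HEX[bytes[i] & 0x0f];
        }
        return new String(out);
    }

    // Hex string read back from the database -> original bytes.
    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // Salted, iterated hash (PBKDF2) in place of a single unsalted MD5 pass.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per user
        // Values that would go into two text columns (constructed sample password).
        String saltCol = toHex(salt);
        String hashCol = toHex(hash("correct horse".toCharArray(), salt));
        System.out.println(saltCol + " " + hashCol);

        // Verification: recompute with the stored salt and compare the bytes in Java.
        byte[] stored = fromHex(hashCol);
        boolean ok = MessageDigest.isEqual(stored, hash("correct horse".toCharArray(), fromHex(saltCol)));
        boolean bad = MessageDigest.isEqual(stored, hash("wrong guess".toCharArray(), fromHex(saltCol)));
        System.out.println("match=" + ok + " mismatch=" + bad);
    }
}
```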

