db-torque-user mailing list archives

From David Hainlin <dhain...@attbi.com>
Subject Re: Storing and validating passwords
Date Fri, 02 May 2003 15:58:03 GMT
You can also use a simple java.security.MessageDigest such as MD5 and 
then convert to hex. Fair if you don't need ironclad security (can be 
cracked) and don't want the complexity of managing your own keys. 
Something like

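// needs: import java.security.MessageDigest;
//        import java.nio.charset.StandardCharsets;
MessageDigest md = MessageDigest.getInstance("MD5");
// concat with user name to prevent predictability of the same password...
String plain = username + password;
// explicit charset so the digest comes out the same on every platform
md.update(plain.getBytes(StandardCharsets.UTF_8));
String digested = toHex(md.digest());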

where toHex is a simple (user provided) method converting a byte array 
to a String (other encodings will work too) or store the bytes raw.

You can't decode the digest but you can repeat the procedure on login 
and compare the results. If they match, then passwords match...

Fast and simple, but again, not right for every situation.

Cheers, David


Russell Simpkins wrote:

>You could use the java crypto api and do your own key gen and write methods to encrypt/decrypt during validation.
>
>-----Original Message-----
>From: Derek Hardy [mailto:derek.hardy@teknosys.co.uk]
>Sent: Friday, May 02, 2003 10:44 AM
>To: torque-user@db.apache.org
>Subject: Storing and validating passwords
>
>
>Hi
>
>I want to use Torque to query a table of users that has the password stored
>in the table, but encrypted.
>
>Is there a platform-independent way of doing this?
>
>If not, how can I do this using the MySQL sha1() method?
>
>Thanks in advance for any help.
>
>Derek Hardy
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
>For additional commands, e-mail: torque-user-help@db.apache.org
>


