struts-user mailing list archives

From YogeshCha...@lifeisgreat.com.sg
Subject Re: Password Encryption
Date Tue, 22 Apr 2003 10:12:05 GMT

Well, still looking for the encryption part, but would be able to manage
that.
Need to know one thing. Is it better to have one generated key which can be
used to encrypt and decrypt all messages, or to generate one key for each
password and store it?
Also, the issue of randomness for mixing the password with some salt: is
that suitable, and should that be implemented?

I am using DES as the algo. I would be storing the encrypted password in the
database.
The generated key I am planning to store in a file, and that I would be
picking up for decrypting the password.
I am also mixing some keys with the password before storing.

Thanks

Yogesh



                                                                                         
                          
"Cheng Xu" <xu_cheng_cn@hotmail.com>
To: struts-user@jakarta.apache.org
cc:
Subject: Re: Password Encryption
22/04/2003 03:49 PM
Please respond to "Struts Users Mailing List"
                          
                                                                                         
                          
                                                                                         
                          




You can try JCE. I use JCE to do symmetric key encryption/decryption in my
application.

Sample code:

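import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// default_key, ciphertype and cipher are assumed to be fields of the enclosing class.
public String decrypt(InputStream ciphertextstream) throws DecryptorException {
    byte[] ciphertext;

    SecretKey key = new SecretKeySpec(default_key, Decryptor.DEFAULT_CIPHER_TYPE);

    try {
      ObjectInputStream ois = new ObjectInputStream(ciphertextstream);
      // The stream starts with the ciphertext length, followed by the bytes.
      int length = ois.readInt();
      ciphertext = new byte[length];

      // readFully blocks until all 'length' bytes arrive; read() may return fewer.
      ois.readFully(ciphertext);

      cipher = Cipher.getInstance(ciphertype);
      cipher.init(Cipher.DECRYPT_MODE, key);
      byte[] plaintext = cipher.doFinal(ciphertext);
      // Decodes with the platform default charset, so encryption must use the same one.
      return new String(plaintext);
    }
    catch (IOException e) {
      throw new DecryptorException(e.getMessage());
    }
    catch (Exception e)  {
      throw new DecryptorException(e.getMessage());
    }
}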

Guess you can figure out the encryption part easily after looking into JCE.

>From: YogeshChawla@lifeisgreat.com.sg
>Reply-To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>To: "Struts Users Mailing List" <struts-user@jakarta.apache.org>
>Subject: Password Encryption
>Date: Tue, 22 Apr 2003 15:21:21 +0800
>
>
>Thanks to all for your response.
>However there seems to be a problem which I am facing and which basically
>reflects what Voytek has written in the mail below.
>      - - Not to refer to MD5 as encryption.
>
>The issue is that I do not have any option of converting the hashed MD5
>password back to its original form. Therefore it seems that I cannot just
>only use MD5 for hashing the password and storing in the database since I
>require the original password in certain cases.
>
>I would like to know what is the best option for the functionality of both
>encrypting and decrypting the password.
>Any small sample program or link would also be a great help.
>
>Really would appreciate your responses asap.
>
>Regards,
>
>Yogesh
>
>
>
>Jarnot Voytek Contr AU HQ/SC <Voytek.Jarnot@MAXWELL.AF.MIL>
>To: "'Struts Users Mailing List'" <struts-user@jakarta.apache.org>
>cc:
>Subject: RE: Password Encryption using MD5
>17/04/2003 08:56 PM
>Please respond to "Struts Users Mailing List"
>
>
>
>
>
>
>We convert the result of the hash into a string of hex, so we can store it
>in a varchar2 field... otherwise the weird chars seemed to confuse oracle.
>
>It's also a really good idea to not refer to MD5 as 'encryption', your
>passwords are not encrypted - they are hashed...
>
>--
>Voytek Jarnot
>Quidquid latine dictum sit, altum viditur.
>
> > -----Original Message-----
> > From: YogeshChawla@lifeisgreat.com.sg
> > [mailto:YogeshChawla@lifeisgreat.com.sg]
> > Sent: Thursday, April 17, 2003 2:50 AM
> > To: Struts Users Mailing List
> > Subject: Password Encryption using MD5
> >
> >
> > Hello,
> >
> > Need one important info. Really would appreciate your help on this one.
> >
> > If I need to store Message Digest encrypted passwords in a database, what
> > database datatypes can be used and what should be the size of the column
> > for storage.
> > What is the possible Maximum length of the generated digest ?
> >
> > Can anybody reply on this asap.
> >
> > Thanks,
> >
> > Yogesh
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: struts-user-help@jakarta.apache.org

