Encryption in Java – Message Digest

Any web application with user authentication needs to store passwords.

  • The most important thing is that the password needs to be encrypted.
  • There are plenty of ways to implement encryption depending on the need: one-way encryption, using keys, etc.
  • If the requirement is that the user is the only person who knows the password and no one else (including the DB administrator), then Message Digest is the way to go.
  • Message Digest (MD) is one-way encryption.
  • It means that when a password is provided to the code, it creates a Message Digest (an alphanumeric string) which is irreversible.
  • So, for example, when a user chooses a password for the first time, the Message Digest is created for the password and stored in the database.
  • The next time the user logs in, he/she enters the password, the system again creates the Message Digest and compares it with the one stored in the database.
  • Points to consider while implementing:
    • What if the user forgets the password? The only option is to reset the password, i.e. tell the user to choose a new password and store the new Message Digest.
    • How much will this affect performance? Not much, as only one step is added: creating the Message Digest whenever authentication is required.
  • Algorithms that can be used for creating a Message Digest: MD5 (32 character MD), the SHA family – SHA-1 and the SHA-2 family (40 character MD).
  • Protection from the following attacks:
    • Brute force attacks
    • Dictionary attacks – possible to crack, but if we add a salt (random characters mixed into the password before the Message Digest is computed) then it is almost impossible to crack.
  • Following is sample code to create a Message Digest in Java:

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class EncryptPass {
    /* MD5 creates an MD of 32 hex chars; change the following
     * string to "SHA" (SHA-1) and it will create an MD of 40 chars.
     */
    private static final String algorithm = "MD5";

    public String encryptPassNow(String password) {
        // Fix the charset so the same password gives the same bytes on every platform
        byte[] plainText = password.getBytes(StandardCharsets.UTF_8);
        MessageDigest md;
        try {
            md = MessageDigest.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            // Do not swallow this: md would stay null and md.reset() below would
            // throw a NullPointerException. Fail loudly instead.
            throw new IllegalStateException("Digest algorithm not available: " + algorithm, e);
        }
        md.reset();
        md.update(plainText);
        byte[] encodedPassword = md.digest();

        // Render each byte as two lowercase hex digits, zero-padded
        StringBuilder sb = new StringBuilder();
        for (byte b : encodedPassword) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String password = "password";
        EncryptPass en = new EncryptPass();
        System.out.println("Plain : " + password);
        System.out.println("Encrypted: " + en.encryptPassNow(password));
    }
}
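The register/login flow and the salt described in the bullets above, as an added example that is not part of the original post. It uses SHA-256 from the SHA-2 family the post mentions; the class and method names (SaltedDigestDemo, register, verify) are my own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedDigestDemo {
    private static final String ALGORITHM = "SHA-256"; // SHA-2 family
    private static final SecureRandom RNG = new SecureRandom();

    /** What the database row stores: the salt and the digest, never the password. */
    static final class StoredCredential {
        final byte[] salt;
        final byte[] digest;
        StoredCredential(byte[] salt, byte[] digest) { this.salt = salt; this.digest = digest; }
    }

    /** Digest of salt || password, computed the same way at registration and at login. */
    static byte[] digest(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(ALGORITHM);
        md.update(salt);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    /** First-time password choice: fresh random salt per user, store salt + digest. */
    static StoredCredential register(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return new StoredCredential(salt, digest(salt, password));
    }

    /** Login: recompute the digest with the stored salt and compare in constant time. */
    static boolean verify(StoredCredential stored, String attempt) throws NoSuchAlgorithmException {
        byte[] candidate = digest(stored.salt, attempt);
        return MessageDigest.isEqual(stored.digest, candidate);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        StoredCredential row = register("password");
        System.out.println("Stored salt  : " + Base64.getEncoder().encodeToString(row.salt));
        System.out.println("Stored digest: " + Base64.getEncoder().encodeToString(row.digest));
        System.out.println("Correct password accepted: " + verify(row, "password"));
        System.out.println("Wrong password rejected  : " + !verify(row, "passw0rd"));
        // Same password for a second user gets a different salt, hence a different digest,
        // so a dictionary of precomputed digests cannot be reused across users.
        StoredCredential other = register("password");
        System.out.println("Digests differ per user  : " + !MessageDigest.isEqual(row.digest, other.digest));
    }
}
```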

2 Comments

  1. Normally I don’t read articles on blogs, but I wish to say that this write-up very much compelled me to check it out and do it!
    Your writing taste has surprised me. Thanks, very nice article.

  2. Very nice post. I just stumbled upon your weblog and wanted to say that I’ve truly enjoyed surfing around your blog posts.