How to store a password securely?



 You could encrypt it. But anything that can be encrypted can be decrypted by whoever holds the key, so an attacker who steals the database together with the key (or the application server that holds it) recovers every password in clear text. Reversible encryption is therefore the wrong tool for stored passwords.

  One-way hashing

 In that situation use a one-way hash, also known as a message digest, digital fingerprint, or cryptographic hash. (It is sometimes loosely called "one-way encryption", but it is not encryption, and a digital signature is a different primitive that combines a hash with a private key.)
 Hashing is different from encryption. Encryption is two-way: you can always decrypt the ciphertext to get the original text back. Hashing is one-way: nothing in the hash value lets you compute the original text. An attacker who obtains the hash can still guess candidate passwords, hash each guess and compare, so both the choice of hash function and the strength of the password matter.
  For password storage this is exactly what we want, because the application only ever needs to verify a password, never to recover it.
  Several message-digest algorithms (hashing algorithms) are in wide use.
  Examples are MD5, SHA-1 and the SHA-2 family.
SHA-1 (Secure Hash Algorithm 1) is slower than MD5 and produces a larger digest (160 bits versus 128). Both are now considered broken: practical collision attacks have been demonstrated against each, so neither should be used in a new design. Prefer the SHA-2 family, SHA-256, SHA-384 and SHA-512, which produce 256-, 384- and 512-bit digests respectively. Note that for passwords the digest size is not the limiting factor: all of these functions are fast by design, which lets an attacker test a very large number of guesses per second against a stolen hash.

The java.security.MessageDigest class provides applications with the functionality of a message digest algorithm such as SHA-256 (or the legacy MD5 and SHA-1). Message digests are one-way hash functions that take arbitrary-sized data and output a fixed-length hash value.
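As an added example that is not code from the original post, the class below shows MessageDigest in use with the algorithm names the JDK accepts, hex-encodes the output, and then demonstrates the property a practitioner should notice: an unsalted digest is deterministic, so a stored hash can be attacked offline by hashing a guess list and comparing. The guess list and the stored value are constructed for the demonstration; the class name DigestDemo is my own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;

public class DigestDemo {

    /** Hash text with the named JCA algorithm ("SHA-1", "SHA-256", ...) and return lowercase hex. */
    static String hexDigest(String algorithm, String text) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] raw = md.digest(text.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Constructed guess list standing in for a real password wordlist. */
    static final List<String> WORDLIST = List.of("123456", "letmein", "hunter2", "password1");

    /** Offline guessing: hash every candidate and compare with the stored unsalted digest.
     *  Returns the recovered password, or null if no candidate matched. */
    static String crackUnsalted(String algorithm, String storedHex) throws NoSuchAlgorithmException {
        for (String guess : WORDLIST) {
            if (hexDigest(algorithm, guess).equals(storedHex)) {
                return guess;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Digest sizes differ (20 bytes for SHA-1, 32 bytes for SHA-256), but both are fast.
        System.out.println("SHA-1 digest bytes:   " + hexDigest("SHA-1", "hunter2").length() / 2);
        System.out.println("SHA-256 digest bytes: " + hexDigest("SHA-256", "hunter2").length() / 2);

        // Constructed "database" value: the unsalted SHA-256 of a weak password.
        String stored = hexDigest("SHA-256", "hunter2");

        // The same input always produces the same digest, so two users with the same
        // password share a hash and one precomputed table works against all of them.
        System.out.println("deterministic: " + stored.equals(hexDigest("SHA-256", "hunter2")));

        // The attacker never inverts the hash; it only needs to guess and compare.
        System.out.println("recovered by guessing: " + crackUnsalted("SHA-256", stored));
    }
}
```

The lesson is that "one-way" protects only passwords that are not guessable: the cost of each comparison above is a single fast SHA-256 call, and a real attacker runs billions of them against a dump of unsalted hashes.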


 Here is my class for hashing a password (or any string) before it is stored. It has two methods; the second adds a fixed secret prefix before hashing. Each step is explained in the comment above it.

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

/**
 *
 * @author Navindra Jha <jha.j2ee@gmail.com>
 */
/** The class is a singleton so that there is only one instance of it at any given time.
 * Note that every call below creates its own MessageDigest, so no hashing state is shared
 * between callers; the singleton and the synchronized methods are kept for structure, not
 * because concurrent calls could mix up hash values. */
public final class Protected {

    private static Protected instance;
    /** Fixed secret prefix ("pepper") added before hashing in makeMoreConfident().
     * It is the same for every user, so it is not a salt. */
    private static final String stress = "cooker";
/** private constructor means no one can directly create an instance of this class */
    private Protected() {
    }
/** Shared digest routine used by both public methods. */
    private static String digestBase64(String string) throws NoSuchAlgorithmException {
        /** getInstance() returns a MessageDigest object that implements the specified
         * digest algorithm. "SHA-256" is used here; note that the bare alias "SHA"
         * resolves to SHA-1 in the JDK, which is deprecated. */
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        /** convert the string into bytes using the UTF-8 encoding and feed them to the digest. */
        md.update(string.getBytes(StandardCharsets.UTF_8));
        /** generate the array of bytes that represents the digested string value. */
        byte[] rawdata = md.digest();
        /** Create a String representation of the digest bytes so the value can be stored
         * in the database. java.util.Base64 replaces sun.misc.BASE64Encoder, which is an
         * internal class that is not part of the public API and was removed in Java 9. */
        return Base64.getEncoder().encodeToString(rawdata);
    }
/** makeSafe() hashes the password before it is stored */
    public synchronized String makeSafe(String string) throws NoSuchAlgorithmException {
        return digestBase64(string);
    }
/** if an instance is needed, call newInstance(); it creates the instance on first use
 * and returns the same one afterwards */
    public static synchronized Protected newInstance() {
        if (instance == null) {
            instance = new Protected();
        }
        return instance;
    }
 /**
  * Before generating a hash, a fixed secret text known only to you/your application is prepended.
  * It can be "dog" or "mypet" or anything you wish.
  * This defeats precomputed hash tables only while the secret stays secret, and because the
  * same text is used for every user it does not stop an attacker who has the secret from
  * testing one guess against every stored hash at once. A random per-user salt and a
  * deliberately slow password hash are needed for that; makeMoreConfident() provides neither.
  */
    public synchronized String makeMoreConfident(String string) throws NoSuchAlgorithmException {
        /** the fixed secret text is added to the string before hashing */
        return digestBase64(stress + string);
    }
}

Login login = new Login();
// Either method yields a Base64 digest string suitable for storage; pick one and use it
// consistently for both registration and login, or the stored values will never match.
String pass = Protected.newInstance().makeMoreConfident(request.getParameter("password"));
// String pass = Protected.newInstance().makeSafe(request.getParameter("password"));
login.setPassword(pass);