You could use encryption (***). But if there is a way to encrypt the data, then there is also a way to decrypt it, so encryption is also vulnerable to a hacker's attack.
One-way hash encryption
In that situation, use "one-way hash encryption", also known as a message digest, digital signature, one-way encryption, digital fingerprint, or cryptographic hash.
Hashing is different from encryption. Encryption is two-way, meaning that you can always decrypt the encrypted text to get the original text back. Hashing is one-way: you can never get the original text back from the hash value.
Thus it gives more security than encryption.
Several message-digest algorithms (hashing algorithms) are in wide use today, such as MD5 and SHA-1.
SHA-1 (Secure Hash Algorithm 1) is slower than MD5, but its message digest is larger, which makes it more resistant to brute-force attacks. Therefore, the Secure Hash Algorithm is recommended over MD5 for all of your digest needs. Note that SHA-1 now has even stronger siblings, SHA-256, SHA-384 and SHA-512, producing 256-, 384- and 512-bit digests respectively.
The java.security.MessageDigest class provides applications with the functionality of a message-digest algorithm such as MD5 or SHA. Message digests are secure one-way hash functions that take arbitrary-sized data and output a fixed-length hash value.
Here is my class for storing a password or other string securely. It has two methods, one more secure than the other. Each action is explained in the comment above the method for better understanding.
import java.security.MessageDigest;
import java.util.Base64;

/**
 * @author Navindra Jha <jha.j2ee@gmail.com>
 *
 * I make this class a singleton in order to ensure that there is only one
 * instance of it at any given time, to avoid concurrency issues and conflicts
 * between generated hash values.
 */
public final class Protected {
    private static Protected instance;
    /** simple secret text that is put in front of the string before hashing */
    private static final String stress = "cooker";

    /** private constructor means no one can directly create an instance of this class */
    private Protected() {
    }

    /** makeSafe() makes the password safe from a hacker: only its digest is kept */
    public synchronized String makeSafe(String string) throws Exception {
        /* getInstance() returns a MessageDigest object that implements the
         * specified digest algorithm, e.g. "SHA" (the JDK alias for SHA-1) or "MD5" */
        MessageDigest md = MessageDigest.getInstance("SHA");
        /* convert the string into its byte representation using the UTF-8 encoding */
        md.update(string.getBytes("UTF-8"));
        /* generate the array of bytes that represents the digested (hashed) string value */
        byte[] rawdata = md.digest();
        /* Create a String representation of the digest bytes (standard Base64).
         * This is needed to be able to store the password in the database. */
        String hashvalue = Base64.getEncoder().encodeToString(rawdata);
        return hashvalue;
    }

    /** if an instance is needed, call newInstance(): it creates the single
     * instance on first use and returns that same instance on every later call */
    public static synchronized Protected newInstance() {
        if (instance == null) {
            instance = new Protected();
        }
        return instance;
    }

    /**
     * Before generating a hash, adding a simple text to the string gives added security:
     * a simple text that is known only to you / your application.
     * It can be "dog" or "mypet" or anything you wish.
     * makeMoreConfident() is highly secure from hackers.
     */
    public synchronized String makeMoreConfident(String string) throws Exception {
        /* same digest algorithm as makeSafe() */
        MessageDigest md = MessageDigest.getInstance("SHA");
        /* the simple text is added in front of the string */
        string = stress + string;
        /* convert the string into its byte representation using the UTF-8 encoding */
        md.update(string.getBytes("UTF-8"));
        /* generate the array of bytes that represents the digested (hashed) string value */
        byte[] rawdata = md.digest();
        /* Create a String representation of the digest bytes for storage in the database */
        String hashvalue = Base64.getEncoder().encodeToString(rawdata);
        return hashvalue;
    }
}
Usage from a login handler, picking one of the two methods (the same variable cannot be declared twice):
Login login = new Login();
// more secure: digest with the secret prefix added
String pass = Protected.newInstance().makeMoreConfident(request.getParameter("password"));
// or, the plain digest:
// String pass = Protected.newInstance().makeSafe(request.getParameter("password"));
login.setPassword(pass);
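Both methods above put the same fixed prefix in front of every password, so two users who choose the same password end up with the same stored hash. The following is an added example, not code from the original post: it keeps the MessageDigest approach but draws a random salt per password, stores it next to a SHA-256 digest, and verifies a login attempt with a constant-time comparison. The class name SaltedHash, the storage format and the sample password are my own assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

/** Salted SHA-256 password storage: a fresh random salt for every password. */
public final class SaltedHash {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int SALT_BYTES = 16;

    private SaltedHash() {
    }

    /** Returns "base64(salt)$base64(sha256(salt || password))", the value to store. */
    public static String hash(String password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        byte[] digest = digest(salt, password);
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + "$" + enc.encodeToString(digest);
    }

    /** Recomputes the digest with the stored salt and compares it in constant time. */
    public static boolean verify(String password, String stored) throws NoSuchAlgorithmException {
        int sep = stored.indexOf('$');
        if (sep < 0) {
            return false; // malformed record: never accept it
        }
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(stored.substring(0, sep));
        byte[] expected = dec.decode(stored.substring(sep + 1));
        // MessageDigest.isEqual does not stop at the first differing byte
        return MessageDigest.isEqual(expected, digest(salt, password));
    }

    /** sha256(salt || UTF-8 bytes of the password) */
    private static byte[] digest(byte[] salt, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    public static void main(String[] args) throws Exception {
        String stored = hash("hunter2"); // constructed sample password
        System.out.println("stored record:   " + stored);
        System.out.println("correct password verifies: " + verify("hunter2", stored));
        System.out.println("wrong password verifies:   " + verify("hunter3", stored));
        System.out.println("second hash equals first:  " + stored.equals(hash("hunter2")));
    }
}
```

Because the salt is random, hashing the same password twice yields two different records, so a stolen table no longer reveals which users share a password.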