Solved

encrypt password

Posted on 2004-04-07
20
1,236 Views
Last Modified: 2012-06-21
Is it possibe to encrypt a password before sending it to a mysql database. If so how would u do so?  Would it be possible to use assembler or what would work with jsp?
Cheers, Raftor
0
Comment
Question by:Raftor
  • 9
  • 6
  • 3
  • +1
20 Comments
 
LVL 35

Expert Comment

by:TimYates
ID: 10773428
I would use SSL

http://java.sun.com/webservices/docs/1.0/tutorial/doc/WebAppSecurity6.html

Then the browser will encrypt anything sent to the server, and the server will encrypt responses...

If you are just looking to encrypt the password in the database, then MD5 is what you want:

http://javaalmanac.com/egs/java.security/Digest.html
0
 

Assisted Solution

by:nishit4all
nishit4all earned 45 total points
ID: 10777655
hi there,
you can follow different encryption tech. like this one. Get the password's individual character's ascii value, also generate a random number. Now use any mathematical operator like multiplication or addition and apply between every ascii value and random number. Store it into database in encrypted format.
Perform reverse of this when checking password.

if you want to do this using javascript, later u can copy it to your java code try this :

<!-- TWO STEPS TO INSTALL ASCII ENCRYPTION:

  1.  Copy the coding into the HEAD of your HTML document
  2.  Add the last code into the BODY of your HTML document  -->

<!-- STEP ONE: Paste this code into the HEAD of your HTML document  -->

<HEAD>

<SCRIPT LANGUAGE="JavaScript">

<!-- Begin
function Encrypt(theText) {
output = new String;
Temp = new Array();
Temp2 = new Array();
TextSize = theText.length;
for (i = 0; i < TextSize; i++) {
rnd = Math.round(Math.random() * 122) + 68;
Temp[i] = theText.charCodeAt(i) + rnd;
Temp2[i] = rnd;
}
for (i = 0; i < TextSize; i++) {
output += String.fromCharCode(Temp[i], Temp2[i]);
}
return output;
}
function unEncrypt(theText) {
output = new String;
Temp = new Array();
Temp2 = new Array();
TextSize = theText.length;
for (i = 0; i < TextSize; i++) {
Temp[i] = theText.charCodeAt(i);
Temp2[i] = theText.charCodeAt(i + 1);
}
for (i = 0; i < TextSize; i = i+2) {
output += String.fromCharCode(Temp[i] - Temp2[i]);
}
return output;
}
//  End -->
</script>
</HEAD>

<!-- STEP TWO: Copy this code into the BODY of your HTML document  -->

<BODY>

<center>
<form name=encform onsubmit="return false;">
<textarea name=box1 rows=5 cols=50>The quick brown fox jumps over the lazy dog</textarea>
<p>
<input type=button value="Encrypt Box1 to Box2" onClick="this.form.box2.value=Encrypt(this.form.box1.value);">
<p>
<textarea name=box2 rows=5 cols=50></textarea>
<p>
<input type=button value="Decrypt Box2 to Box3" onClick="this.form.box3.value=unEncrypt(this.form.box2.value);">
<p>
<textarea name=box3 rows=5 cols=50></textarea>
</form>
</center>

<p><center>
0
 

Author Comment

by:Raftor
ID: 10777826
Thats very good ill try that and come back to you with any questions later.
0
 
LVL 92

Accepted Solution

by:
objects earned 80 total points
ID: 10779215
0
 

Author Comment

by:Raftor
ID: 10779716
That site looks Objects very good but i can get a java file with the example that uses the class to compile. i am importing the
javax.crypto classes but what am i leaving out?
0
 

Author Comment

by:Raftor
ID: 10779723
Its says to generate a temporary key.  How do i do this?
0
 
LVL 92

Expert Comment

by:objects
ID: 10779735
what errors are you getting?
0
 

Author Comment

by:Raftor
ID: 10779743

C:\Project>javac EncDec.java
EncDec.java:15: cannot resolve symbol
symbol  : class DesEncrypter
location: class Project.EncDec
                DesEncrypter encrypter = new DesEncrypter(key);
                ^
EncDec.java:15: cannot resolve symbol
symbol  : class DesEncrypter
location: class Project.EncDec
                DesEncrypter encrypter = new DesEncrypter(key);
                                                            ^
These are the errors but the other file DesEncrypter compiles fine!
0
 

Author Comment

by:Raftor
ID: 10779762
import javax.crypto.*;

public class EncDec{
      public static void main (String[] args)      {
            try{
              SecretKey key = KeyGenerator.getInstance("DES").generateKey();
              DesEncrypter encrypter = new DesEncrypter(key);
              String encrypted = encrypter.encrypt("Don't tell anybody!");
              String decrypted = encrypter.decrypt(encrypted);
          } catch (Exception e) {        }
    }
}
this is EncDec.java
0
 
LVL 92

Expert Comment

by:objects
ID: 10779793
Add the DesEncrypter class to your Project package.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:Raftor
ID: 10779820
Damn that still didnt work. This is the exact code i am using. Any more suggestions?

////////////////////////////////////EncDec.java/////////////////////////
package Project;
import javax.crypto.*;

public class EncDec{
      public static void main (String args[])      {
            try      {
              SecretKey key = KeyGenerator.getInstance("DES").generateKey();
              // Create encrypter/decrypter class
              DesEncrypter encrypter = new DesEncrypter(key);

              // Encrypt
              String encrypted = encrypter.encrypt("Don't tell anybody!");

              // Decrypt
              String decrypted = encrypter.decrypt(encrypted);
          } catch (Exception e) {        }
    }
}

////////////////////////////////////////////DesEncrypter.java/////////////////////
package Project;
import javax.crypto.*;

public class DesEncrypter {
        Cipher ecipher;
        Cipher dcipher;
   
        DesEncrypter(SecretKey key) {
            try {
                ecipher = Cipher.getInstance("DES");
                dcipher = Cipher.getInstance("DES");
                ecipher.init(Cipher.ENCRYPT_MODE, key);
                dcipher.init(Cipher.DECRYPT_MODE, key);
   
            } catch (javax.crypto.NoSuchPaddingException e) {
            } catch (java.security.NoSuchAlgorithmException e) {
            } catch (java.security.InvalidKeyException e) {
            }
        }
   
        public String encrypt(String str) {
            try {
                // Encode the string into bytes using utf-8
                byte[] utf8 = str.getBytes("UTF8");
   
                // Encrypt
                byte[] enc = ecipher.doFinal(utf8);
   
                // Encode bytes to base64 to get a string
                return new sun.misc.BASE64Encoder().encode(enc);
            } catch (javax.crypto.BadPaddingException e) {
            } catch (IllegalBlockSizeException e) {
            } catch (java.io.IOException e) {
            }
            return null;
        }
   
        public String decrypt(String str) {
            try {
                // Decode base64 to get bytes
                byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);
   
                // Decrypt
                byte[] utf8 = dcipher.doFinal(dec);
   
                // Decode using utf-8
                return new String(utf8, "UTF8");
            } catch (javax.crypto.BadPaddingException e) {
            } catch (IllegalBlockSizeException e) {
            } catch (java.io.IOException e) {
            }
            return null;
        }
    }
0
 
LVL 92

Expert Comment

by:objects
ID: 10779866
are both java files in same directory (Project)
what errors now?
0
 

Author Comment

by:Raftor
ID: 10779884
Ya they are in the same directory and im still getting the same errors,

C:\Project>javac EncDec.java
EncDec.java:15: cannot resolve symbol
symbol  : class DesEncrypter
location: class Project.EncDec
                DesEncrypter encrypter = new DesEncrypter(key);
                ^
EncDec.java:15: cannot resolve symbol
symbol  : class DesEncrypter
location: class Project.EncDec
                DesEncrypter encrypter = new DesEncrypter(key);
                                                              ^
0
 
LVL 92

Expert Comment

by:objects
ID: 10779921
is the parent directory of Project in your classpath?
0
 

Author Comment

by:Raftor
ID: 10779926
Uhh ohhh
0
 

Author Comment

by:Raftor
ID: 10780012
Thats it alright, sometimes when i spend too long looking at a problem i cant see the wood from the trees.
Thanks Experts!!
Raftor.
0
 
LVL 92

Expert Comment

by:objects
ID: 10780066
0
 
LVL 35

Expert Comment

by:TimYates
ID: 10781683
Just to ask why you are using DES?  That would mean that passwords can be decrypted, which isn't usually what you want...

That's why I suggested MD5

*shrug*

Oh well :)

Glad you got it sorted :)
0
 
LVL 35

Expert Comment

by:TimYates
ID: 10781700
Also,  nishit4all's Assisted answer would mean the encryption method is in the HTML source for the page!!?!  And it is not a recognised secure method of encryption...
0
 

Expert Comment

by:nishit4all
ID: 10794004
glad u got the sol'n Raftor,
    would like to tell TimYates, that javascript code can be converted to java code and then can be implemented. But still it wouln't have been that secured, well that was just a small encryption tech in which cracking password wont be that easy.
thanks,
nishit
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

A Short Story about the Best File Recovery Software – Acronis True Image 2017
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now