Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 408
  • Last Modified:

Non-human readable file handling

Hi,

I want to store a password (which the user has chosen to login to my program) in an external file.
However i don't want the external file to be readable in anyway, e.g. when opening the file in windows notepad it should not display the password text. I have tried binary files (FileOutputStream and DataOutputStream classes), although the text editor can't read the file properly it still displays the password text i have written to it.

Is there any way in java i can save a password in an external file and be 100% sure that the password cannot be retrieved unless read by my program. I was thinking along the lines of just saving it using some sort of java class rather than having to write some sort of complex algorithm which i write the password with then read it back by reversing the algorithm (not sure if that would make sense to experts!) but i hope you get the idea of what im trying to do.

Thanks !
0
Ravi Singh
Asked:
Ravi Singh
  • 4
1 Solution
 
CEHJCommented:
You should store the password in the file as an MD5 hash and then compare that to the MD5 hashed value of the input. The MD5 hash is unreadable and 'uncrackable'
0
 
Ravi SinghSenior Software EngineerAuthor Commented:
Hi CEHJ where can I learn more about MD5? Is there any online tutorials? Thanks!
0
 
CEHJCommented:
See

http://javaalmanac.com/egs/java.security/Digest.html

You can write the byte buffer into the file
0
 
CEHJCommented:
You can play with this: put it in a main method:

            String enteredPassword = args[0];
            java.security.MessageDigest md5 = java.security.MessageDigest.getInstance("MD5");
            // Just an example - all you'd be storing is 'digestedPassword' in a file
            String password = "abracadabra";
            byte[] digestedPassword = md5.digest(password.getBytes("UTF8"));
            byte[] enteredPasswordDigested = md5.digest(enteredPassword.getBytes("UTF8"));
            System.out.println(new sun.misc.HexDumpEncoder().encode(digestedPassword));
            System.out.println(new sun.misc.HexDumpEncoder().encode(enteredPasswordDigested));
            System.out.println(md5.isEqual(enteredPasswordDigested, digestedPassword)? "You're in!" : "No dice!");
0
 
CEHJCommented:
8-)
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now