Create secure passwords with the PasswordEncryptor
In this section we see how to secure passwords with the PasswordEncryptor.
Why encrypt passwords?
In a secure app you have to encrypt the passwords of your users so that nobody can see them in plain text.
Not even the admin of your app should be able to see the passwords, so the secure way is to hash them. Hash algorithms are one-way functions, which means there is no way to recover the original password from a hash.
There are still ways to crack a hashed password, but they take a lot of time.
These are the dictionary, brute-force, lookup-table, reverse-lookup-table and rainbow-table attacks.
The PasswordEncryptor also uses a salt to make cracking a hashed password more difficult.
You can do this easily with the PasswordEncryptor as the following code shows:
```java
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

import de.alpharogroup.crypto.pw.PasswordEncryptor;
...
PasswordEncryptor passwordService = PasswordEncryptor.getInstance();
// a fresh random salt (length 8) generated for this one password
String salt = passwordService.getRandomSalt(8);
String hashedPassword;
try {
    // password is the plain-text password entered by the user
    hashedPassword = passwordService.hashAndHexPassword(password, salt);
} catch (NoSuchAlgorithmException | InvalidKeyException
        | UnsupportedEncodingException | NoSuchPaddingException
        | IllegalBlockSizeException | BadPaddingException e) {
    throw new IllegalArgumentException(e);
}
```
Do not reuse the same salt when hashing different passwords; generate a fresh random salt for every password.
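The following is an added example, not code from the project, showing how the per-password salt and the salted hash are used together in an application: at registration a fresh salt is generated for each user and stored next to the hex hash, and at login the submitted password is hashed with that stored salt and compared with the stored hash, because the hash itself cannot be reversed. It uses only the `PasswordEncryptor` calls shown above (`getInstance()`, `getRandomSalt(int)`, `hashAndHexPassword(String, String)`) plus the JDK; the class names `UserStore` and `StoredCredential` and the sample user names are invented for this example.

```java
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

import de.alpharogroup.crypto.pw.PasswordEncryptor;

/**
 * Added example (not part of the project): one random salt per user, stored next to the
 * hash, and login verification by recomputing the hash with the stored salt.
 * UserStore and StoredCredential are hypothetical names invented for this example.
 */
public class UserStore {

    /** What the application persists for a user: the salt and the hex hash, never the password. */
    public static final class StoredCredential {
        public final String salt;
        public final String hashedPassword;

        StoredCredential(String salt, String hashedPassword) {
            this.salt = salt;
            this.hashedPassword = hashedPassword;
        }
    }

    private final PasswordEncryptor passwordService = PasswordEncryptor.getInstance();
    private final Map<String, StoredCredential> credentials = new HashMap<>();

    /** Registers a user: a fresh salt for this user only, then the salted hash. */
    public void register(String username, String password) {
        String salt = passwordService.getRandomSalt(8);
        credentials.put(username, new StoredCredential(salt, hash(password, salt)));
    }

    /**
     * Checks a login attempt. The stored hash cannot be reversed, so the submitted password
     * is hashed with this user's stored salt and the two hex strings are compared.
     */
    public boolean verify(String username, String password) {
        StoredCredential stored = credentials.get(username);
        if (stored == null) {
            return false;
        }
        String candidate = hash(password, stored.salt);
        // MessageDigest.isEqual compares in constant time, so the comparison does not leak
        // through its timing how many leading characters matched.
        return MessageDigest.isEqual(
                candidate.getBytes(StandardCharsets.UTF_8),
                stored.hashedPassword.getBytes(StandardCharsets.UTF_8));
    }

    private String hash(String password, String salt) {
        try {
            return passwordService.hashAndHexPassword(password, salt);
        } catch (NoSuchAlgorithmException | InvalidKeyException
                | UnsupportedEncodingException | NoSuchPaddingException
                | IllegalBlockSizeException | BadPaddingException e) {
            throw new IllegalStateException("password hashing failed", e);
        }
    }

    public static void main(String[] args) {
        UserStore store = new UserStore();
        // constructed sample users; bob deliberately uses the same password as alice
        store.register("alice", "correct horse battery staple");
        store.register("bob", "correct horse battery staple");

        StoredCredential alice = store.credentials.get("alice");
        StoredCredential bob = store.credentials.get("bob");
        // Different salts give different hashes even for identical passwords, which is what
        // defeats lookup tables and rainbow tables built for unsalted hashes.
        System.out.println("salts differ:  " + !alice.salt.equals(bob.salt));
        System.out.println("hashes differ: " + !alice.hashedPassword.equals(bob.hashedPassword));

        System.out.println("alice, right password: " + store.verify("alice", "correct horse battery staple"));
        System.out.println("alice, wrong password: " + store.verify("alice", "Tr0ub4dor&3"));
        System.out.println("unknown user:          " + store.verify("carol", "anything"));
    }
}
```

The salt is not a secret; it only has to be unique per password, which is why it can be stored in the clear next to the hash. What must never be stored is the plain-text password, and the only thing an application needs for a login check is the salt, the stored hash and the same hashing call it used at registration.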