How to encrypt password in Java

Passwords are among the most important security features in use today. It is important for both you and all your users to have secure, unguessable passwords. Passwords are always treated as sensitive personal data, and so the approach broadly used today is password encryption. We encrypt passwords using one-way techniques, that is, digests. In this way we only ever encrypt a password; there is absolutely no reason for a password to be decrypted. The flow is roughly this: the user enters a password, the password is encrypted immediately, and then the encrypted password is persisted or otherwise used.

To do so, many encryption algorithms have been developed to suit different needs. The most used ones are:

  • MD5 algorithm
  • SHA Family: SHA-1 algorithm and SHA-2 variants (SHA-224, SHA-256, SHA-384 and SHA-512)

MD5 and SHA-1 are the most adequate choices for password digesting.

Since these algorithms have already been implemented in many different languages, I went looking for a Java one. Today I found a very simple, easy-to-use Java library that is production-ready and that you can use in your project: Jasypt.

Let me show you some example usage:


package com.codexplo.crypt;

import org.jasypt.util.password.BasicPasswordEncryptor;
import org.jasypt.util.password.ConfigurablePasswordEncryptor;
import org.jasypt.util.password.StrongPasswordEncryptor;

public class PasswordEncryption {
    public static void main(String[] args) {

        // Basic encryption
        BasicPasswordEncryptor encryptor = new BasicPasswordEncryptor();
        String password = encryptor.encryptPassword("helloworld");
        System.out.println("Password encrypted by Basic password encryptor: "
                + password);

        // Verify a plain password against the stored encrypted value
        boolean isOkay = encryptor.checkPassword("helloworld", password);

        // Strong encryption
        StrongPasswordEncryptor encryptor2 = new StrongPasswordEncryptor();
        String password2 = encryptor2.encryptPassword("helloworld");
        System.out.println("Password encrypted by Strong password encryptor: "
                + password2);

        // You can even configure the algorithm
        ConfigurablePasswordEncryptor encryptor3 = new ConfigurablePasswordEncryptor();
        encryptor3.setAlgorithm("SHA-512");
        String password3 = encryptor3.encryptPassword("helloworld");
        System.out.println("Password encrypted by Configurable password encryptor: "
                + password3);
    }
}

And the output:


Password encrypted by Basic password encryptor: tUu09eR+G+AYwOOBEdhMo1LlenTq/UOa
Password encrypted by Strong password encryptor: kD6BFzSDjAqq6d3UF9m1D5YZE593W6XTbMjoXQ6OnSRu/E7pSJJQtpqWvJ72YKGT
Password encrypted by Configurable password encryptor: Ycx9oO2GUsxzEDFIyRKVkcPQuK0TcoUFrZBBmGCjk6zJrhAXCaQbnG0vdyjmeFKl5qnu7mmi8Et9yEZB26wgg2lDLt5DSj0N

To use Jasypt, add the following Maven dependency to your pom.xml:

<dependency>
    <groupId>org.jasypt</groupId>
    <artifactId>jasypt</artifactId>
    <version>1.9.0</version>
</dependency>

To know more about it: http://www.jasypt.org/
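
The encrypted strings above differ on every run even for the same password, because a random salt is mixed in, which is why verification goes through checkPassword rather than comparing two encrypted strings. The JDK-only sketch below is an added example, not code from the original post or from Jasypt; it shows a salted, iterated digest of that kind, and its class name, parameters and salt-then-digest layout are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SaltedDigestDemo {
    // Assumed parameters for this sketch, not read from Jasypt.
    static final String ALGORITHM = "SHA-256";
    static final int SALT_BYTES = 16;
    static final int ITERATIONS = 100_000;

    // digest = H(salt || password), then re-hashed ITERATIONS - 1 more times.
    static byte[] digest(byte[] salt, String password) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance(ALGORITHM);
        md.update(salt);
        byte[] out = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < ITERATIONS; i++) {
            out = md.digest(out); // digest() resets md after each call
        }
        return out;
    }

    // Stored value: Base64(salt || digest), with a fresh random salt per password.
    static String encryptPassword(String password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        byte[] hash = digest(salt, password);
        byte[] stored = Arrays.copyOf(salt, salt.length + hash.length);
        System.arraycopy(hash, 0, stored, salt.length, hash.length);
        return Base64.getEncoder().encodeToString(stored);
    }

    // Recover the salt from the stored value, recompute, compare in constant time.
    static boolean checkPassword(String candidate, String storedB64) throws GeneralSecurityException {
        byte[] stored = Base64.getDecoder().decode(storedB64);
        if (stored.length <= SALT_BYTES) return false; // malformed record
        byte[] salt = Arrays.copyOfRange(stored, 0, SALT_BYTES);
        byte[] expected = Arrays.copyOfRange(stored, SALT_BYTES, stored.length);
        return MessageDigest.isEqual(expected, digest(salt, candidate));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String a = encryptPassword("helloworld");
        String b = encryptPassword("helloworld"); // same password, new salt
        System.out.println("Same stored string twice:  " + a.equals(b));
        System.out.println("Correct password verifies: " + checkPassword("helloworld", b));
        System.out.println("Wrong password verifies:   " + checkPassword("HelloWorld", a));
    }
}
```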
