Encrypt password and print the result?

  • (2 Pages)
  • +
  • 1
  • 2

15 Replies - 515 Views - Last Post: 14 September 2013 - 02:16 PM Rate Topic: -----

#1 IntelligentTurtle  Icon User is offline

  • D.I.C Head

Reputation: -4
  • View blog
  • Posts: 50
  • Joined: 25-July 13

Encrypt password and print the result?

Posted 14 September 2013 - 02:01 AM

I am working on a login system for my java program, but I want to encrypt the password. I am using php because if someone decompiles the program they could find the key codes to decrypting the password. So what I want to do, is have a url like this: example.com/users/encrypt.php?password=pass so it would encrypt the password and print out as HTML for my program to read.

Please note I know nothing about PHP, this was just the first way to encrypt it securely that popped into my head.

This post has been edited by Dormilich: 14 September 2013 - 03:06 AM
Reason for edit:: changed host name


Is This A Good Question/Topic? 0
  • +

Replies To: Encrypt password and print the result?

#2 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3530
  • View blog
  • Posts: 10,179
  • Joined: 08-June 10

Re: Encrypt password and print the result?

Posted 14 September 2013 - 02:59 AM

Quote

I am using php because if someone decompiles the program they could find the key codes to decrypting the password.

wouldn’t it be easier to use server-side Java (JSP)?
Was This Post Helpful? 0
  • +
  • -

#3 IntelligentTurtle  Icon User is offline

  • D.I.C Head

Reputation: -4
  • View blog
  • Posts: 50
  • Joined: 25-July 13

Re: Encrypt password and print the result?

Posted 14 September 2013 - 03:00 AM

No thanks, my server doesn't support that I don't think
Was This Post Helpful? 0
  • +
  • -

#4 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3530
  • View blog
  • Posts: 10,179
  • Joined: 08-June 10

Re: Encrypt password and print the result?

Posted 14 September 2013 - 03:08 AM

if you don’t know anything about PHP, then I recommend a Web Service that does that encryption for you. anyways, I wouldn’t recommend security-sensitive coding in a language you don’t understand.
Was This Post Helpful? 0
  • +
  • -

#5 IntelligentTurtle  Icon User is offline

  • D.I.C Head

Reputation: -4
  • View blog
  • Posts: 50
  • Joined: 25-July 13

Re: Encrypt password and print the result?

Posted 14 September 2013 - 03:10 AM

...? can just give me an answer, this is the way I want to do it
Was This Post Helpful? -2
  • +
  • -

#6 Atli  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3718
  • View blog
  • Posts: 5,989
  • Joined: 08-June 10

Re: Encrypt password and print the result?

Posted 14 September 2013 - 03:14 AM

What kind of encryption are we talking about here?
Was This Post Helpful? 0
  • +
  • -

#7 IntelligentTurtle  Icon User is offline

  • D.I.C Head

Reputation: -4
  • View blog
  • Posts: 50
  • Joined: 25-July 13

Re: Encrypt password and print the result?

Posted 14 September 2013 - 03:15 AM

I don't know... a secure kind? that can be decrypted?
Was This Post Helpful? 0
  • +
  • -

#8 Atli  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3718
  • View blog
  • Posts: 5,989
  • Joined: 08-June 10

Re: Encrypt password and print the result?

Posted 14 September 2013 - 03:32 AM

Generally you don't encrypt passwords, you hash them. However hashes are irreversible, unlike encryptions. In the type of login systems you typically deal with in server-side languages like PHP, there is never any need to decrypt passwords, so hashes are perfect.

Why do you need them to be decrypted in your program?
Was This Post Helpful? 0
  • +
  • -

#9 IntelligentTurtle  Icon User is offline

  • D.I.C Head

Reputation: -4
  • View blog
  • Posts: 50
  • Joined: 25-July 13

Re: Encrypt password and print the result?

Posted 14 September 2013 - 03:36 AM

so I can read the password and check if its correct?

and check if user input is correct, I mean.
Was This Post Helpful? 0
  • +
  • -

#10 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3530
  • View blog
  • Posts: 10,179
  • Joined: 08-June 10

Re: Encrypt password and print the result?

Posted 14 September 2013 - 03:59 AM

you can do that with hashes as well. you just compare if the hash that you have stored of the password equals the hash of the password that the user gives you.
Was This Post Helpful? 0
  • +
  • -

#11 IntelligentTurtle  Icon User is offline

  • D.I.C Head

Reputation: -4
  • View blog
  • Posts: 50
  • Joined: 25-July 13

Re: Encrypt password and print the result?

Posted 14 September 2013 - 04:00 AM

ok then, can you tell me how to hash it?
Was This Post Helpful? 0
  • +
  • -

#12 Atli  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3718
  • View blog
  • Posts: 5,989
  • Joined: 08-June 10

Re: Encrypt password and print the result?

Posted 14 September 2013 - 04:09 AM

You don't need PHP for that. A hash is irreversible, so even if somebody manages to get the source code for your Java program, a hash generated in Java will not be any more vulnerable than a hash generated by PHP.

So, find a way to generate a hash in Java and use that. Just don't try to use MD5 or SHA1. Although a lot of people use them for password hashing, they are far to weak now to be of use. If you can find a Java API to create Bcrypt hashes, that would be my recommendation.
Was This Post Helpful? 0
  • +
  • -

#13 IntelligentTurtle  Icon User is offline

  • D.I.C Head

Reputation: -4
  • View blog
  • Posts: 50
  • Joined: 25-July 13

Re: Encrypt password and print the result?

Posted 14 September 2013 - 04:13 AM

OK then, not what I was looking for but good enough. I found an api which does it :) it's called jBCrypt.

To compare the passwords I will just hash the user input and compare it :)
Was This Post Helpful? 0
  • +
  • -

#14 Atli  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 3718
  • View blog
  • Posts: 5,989
  • Joined: 08-June 10

Re: Encrypt password and print the result?

Posted 14 September 2013 - 04:19 AM

If you are using jBCrypt, you'll need to use the BCrypt.checkpw method they demonstrate on their main page. Bcrypt hashes embed a salt in the output itself, so two hashes generated from the same source won't be the same. To borrow their example:
// Check that an unencrypted password matches one that has
// previously been hashed
if (BCrypt.checkpw(candidate, hashed))
	System.out.println("It matches");
else
	System.out.println("It does not match");


The candidate there would be the plain-text password input you want to check, and the hashed the hash you already have stored for the password.
Was This Post Helpful? 0
  • +
  • -

#15 IntelligentTurtle  Icon User is offline

  • D.I.C Head

Reputation: -4
  • View blog
  • Posts: 50
  • Joined: 25-July 13

Re: Encrypt password and print the result?

Posted 14 September 2013 - 05:27 AM

Yes, I know. Are you trying to say I have to change something in their code?
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2