How to Encrypt Password in Java?
Every software application requires a username and password to authenticate a valid user. A username can be anything, such as an email ID or just a combination of characters. A password, however, must be created with great care, because anyone with valid credentials can enter the system and access its information.
Need of Encrypting a Password
When a user sets his/her password, it is stored in the database as plain text. Storing plain text as-is in the database is not secure at all. Hackers may break into the system and steal the passwords from the database.
To ensure the security of the user's password, it is encrypted using different encryption techniques, so that the database holds the password in an encrypted form rather than as plain text. Many methods can be used to encrypt a password, but hashing is one of the most popular encryption techniques.
Java Secure Hashing Techniques
The encrypted hash value is generated by applying certain algorithms to the plain-text password provided by the user. Java supports several hashing techniques for encrypting a password.
MD5 Hashing Technique
MD5 (Message Digest) is a very popular hashing algorithm. It is a cryptographic hash function that generates a 128-bit hash value. In Java, this algorithm is provided by the java.security package.
Plain-text password: myPassword
Encrypted password using MD5: deb1536f480475f7d593219aa1afd74c
The above code shows the use of the MessageDigest class in the java.security package. MD5 returns a byte array that needs to be converted into a readable hexadecimal format.
The MD5 hashing technique is easy and fast to implement, but it is also prone to brute-force attacks or dictionary attacks.
SHA is the Secure Hash Algorithm. It uses a cryptographic function that takes the 32-bit plain-text password and converts it into a fixed-size 256-bit hash value. This hashing technique is implemented using the MessageDigest class of the java.security package.
It is a one-way encryption technique. Once the passphrase is encrypted, it cannot be decrypted.
myPassword : 76549b827ec46e705fd03831813fa52172338f0dfcbd711ed44b81a96dac51c6
hashtrial : d3e3224a59d69e9a000f1ce6782cb6a8be1eb3155610ff41bffbcbc95adc5d7
The above code uses an instance of the MessageDigest class to generate a SHA256 hash. SHA256 returns a byte array that needs to be converted into a readable hexadecimal format. Lastly, the encrypted hash value is displayed.
SHA512 Hashing Technique
SHA512 uses a cryptographic function that takes the 64-bit plain-text password and converts it into a fixed-size 512-bit hash value. This hashing technique is also implemented using the MessageDigest class of the java.security package.
myPassword : 450ad03db9395dfccb5e03066fd7f16cfba2b61e23d516373714471459052ec90a9a4bf3a151e600ea8aaed36e3b8c21a3d38ab1705839749d130da4380f1448
hashtrial : 9520ea1a8d60d23334e6d59acebd587de6fec1e53db5836f467096c540ae60f7c85e9fbc90856dee9d6563609b8786b03b47892af0bad44bdcab2206f22df5cb
The above code uses an instance of the MessageDigest class to generate a SHA512 hash. SHA512 returns a byte array that needs to be converted into a readable hexadecimal format. Lastly, the encrypted hash value is displayed.
Password-Based Encryption using Salt and Base64:
The password-based encryption technique uses the plain-text password and a salt value to generate a hash value, which is then encoded as a Base64 string. The salt value contains random data generated using an instance of the Random class from the java.util package.
The following program demonstrates password encryption using salt and Base64.
Plain text password = myNewPass123
Secure password = sA0jNGQTrAfMUiqrB++bMKTU55ThdFCl16ZZTIXwD2M=
Salt value = n7d9MPQFXxDqzT6onmong3hQt8Nyko
Password Matched!!
In the above code, two classes are defined.
Techniques for Cracking the Hash
A hash value is prone to different kinds of attacks by attackers. Some of them are mentioned below,