All geek questions in one place

Saving user passwords in Java?

I came to the point where I need to choose a way to safely store user passwords in the database and check their compliance when the user visits the site.

I am using Spring 2.5 at the moment, but am slowly upgrading to Spring 3. What would you recommend me to keep passwords safe? I know that this question was answered in similar forms here and there, but I would like to receive an accurate, up-to-date answer on how to do this, which can also protect methods today from password cracking.

What would be the most suitable way to hash passwords with salt? I mean, which algorithm is better to use, if at all? Should I use bcrypt instead and is jBCrypt good lib for this? Is there a better way to protect passwords? How about using Jasypt ? What methods do you use to securely store user passwords?

Edit: Although I didn’t get very interesting and detailed answers, I went with bcrypt / jBCrypt, which seems like the best choice. Feel free to discuss.

+6
source share
4 answers

Yes, you should use bcrypt / jBCrypt. bcrypt is specifically designed to be slow, so it would take an invalid time to crack a password.

See this blog post for additional steps you can use on top of bcrypt to hash passwords.

+9
source

This article has some great information about Hashing with salt: https://www.owasp.org/index.php/Hashing_Java

+1
source

SpringSecurity supports password encoding using hashing and salts.

+1
source

you can use it with md5 code:

 public static String StringHashing(String s) { MessageDigest m = null; try { m = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException ex) { } m.update(s.getBytes(), 0, s.length()); return (new BigInteger(1, m.digest()).toString(16)); }
-5
source

Source: https://habr.com/ru/post/890866/

More articles:


All Articles