Saving Password Using Md5

Question

Saving Password Using Md5

I use Postgresql, hibernate and Java, and I need to save the password. Can someone tell me how to encrypt a password using md5. Else is the best way to store a secure password in a database

thank

+5

java sql database password-protection encryption

Noor Dec 14 '10 at 20:12

source share

6 answers

MD5 is not an encryption algorithm - it is a cryptographic hash function. This is a completely different matter! You can save the hashed password in the database, but you cannot (generally) recover the password from the password hash. This is by design.

- , , . rainbow table . , salt ( PBKDF2), .

, MD5 , . , SHA-256.

+5

Mark Byers 14 . '10 20:16

, ( ) . . , , .

MessageDigest Java . : MD5- Java.

: , , , MD5. , , ( ). MD5 .

+2

Bill the Lizard 14 . '10 20:16

1) MD5.
2) MD5 - , , .
3) MD5 .
4) MD5 , .
5) MD5 , . (++, vb.net, VB6, #, php...)

+2

Dave 14 . '10 20:23

postgres, pgcrypto.

:

update ... set passwordhash = crypt('new password', gen_salt('md5'));

, !

As others have pointed out, this might be a bad idea, depending on what you are trying to do. I was forced to use MD5 before because another application required it, but you do not want to pass this hash to the world.

0

user533832 Dec 14 '10 at 20:17

source share

I found the Jasypt encryption library to be quite useful.

0

Bill Dec 14 '10 at 20:39

source share

dagge · Accepted Answer · 2010-12-14T20:14:39+0000

You should not use md5 to hash passwords. It is built for speed, which facilitates the attack. Use bcrypt instead . In addition, you should not try to decrypt the password after saving it. See the Examples on the bcrypt page for password verification with user input. Learn more about how to safely store passwords.

jBcrypt is also very easy to use. This is how you enter the password:

BCrypt.hashpw(password_from_user, BCrypt.gensalt());

And check this out:

BCrypt.checkpw(password_from_user, hashed_password_from_database)

Saving Password Using Md5

More articles: