How to decode with MessageDigest, Base64

I am currently encoding a password. I have to decrypt the password. Here is the code to encode. I am trying to compare the original password. I researched MessageDigest, which says it is a one-way method. Not sure how to get the original message. We have a decoding method, but it does not give me the original password - Base64.decode.

    public static synchronized String getMD5_Base64(String input) {
        // Lazily create the shared MessageDigest on first use
        if (!isInited) {
            isInited = true;
            try {
                digest = MessageDigest.getInstance("MD5");
            } catch (Exception ex) {
            }
        }
        // If MD5 could not be obtained, the input is returned unchanged
        if (digest == null)
            return input;

        // now everything is ok, go ahead
        try {
            digest.update(input.getBytes("UTF-8"));
        } catch (java.io.UnsupportedEncodingException ex) {
        }
        byte[] rawData = digest.digest();          // raw MD5 hash bytes
        byte[] encoded = Base64.encode(rawData);   // printable form of the hash
        String retValue = new String(encoded);
        return retValue;
    }
}
+5
4 answers

You cannot get the original password. Keep in mind that digesting and Base64 encoding do two completely different things. The MD5 digest creates a cryptographic hash of the data provided to it. It is irreversible. Base64 is an encoding mechanism for converting data (which may contain non-printable binary data) into a string that is guaranteed to contain only printable characters. This step is reversible.

The standard way to verify the password is to not decrypt the original password and compare plain text. What you need to do is take the encoding (MD5 hash and then Base64 encoding) that you made on the original password, and apply it to the password just provided. Then compare the saved encoded version with the new encoded version. If they match, then the passwords match.

This design is a safer mechanism than storing passwords that can be decoded. Thus, if someone has stolen your password database, they will not automatically have access to all the passwords of your users. To get into the system, they still have to find a password that is encoded to the same value. A cryptographic hash function, like MD5, should make this very difficult. On the other hand, MD5 is no longer considered a very secure hash. You will be better off using SHA1 or SHA256 (but remember that you cannot change existing saved passwords from your MD5 hash to another hash without the original password, which you do not have, i.e. you cannot just convert your stored password database).

+8
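The check described in the answer above, as an added example that is not part of the original answer: the candidate password is hashed and Base64-encoded the same way and the two encoded values are compared. The class and method names are hypothetical, `java.util.Base64` stands in for the question's own `Base64` class, and the example goes one step further than the answer by taking the algorithm name as a parameter so the hash switch can be shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Hypothetical class and method names; added example, not the asker's code.
public class PasswordCheck {

    // Hash the password with the named algorithm, then Base64-encode the raw hash bytes.
    static String encode(String algorithm, String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm); // fresh instance, no shared state
        byte[] raw = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(raw);
    }

    // Verify by re-encoding the candidate and comparing it with the stored value.
    static boolean verify(String algorithm, String stored, String candidate)
            throws NoSuchAlgorithmException {
        byte[] expected = stored.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = encode(algorithm, candidate).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual); // compares the whole arrays
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, standing in for what was saved at registration.
        String stored = encode("MD5", "password@123");

        // Reversing the Base64 step only yields the raw MD5 hash bytes, never the password.
        byte[] raw = Base64.getDecoder().decode(stored);
        System.out.println("Base64-decoded length in bytes: " + raw.length);

        System.out.println("correct password accepted: " + verify("MD5", stored, "password@123"));
        System.out.println("wrong password accepted:   " + verify("MD5", stored, "Password@123"));

        // Switching hashes: the stored MD5 value cannot be converted on its own, but right
        // after a successful check the password is at hand and can be re-encoded.
        String candidate = "password@123";
        if (verify("MD5", stored, candidate)) {
            String upgraded = encode("SHA-256", candidate);
            System.out.println("value to store from now on: " + upgraded);
        }
    }
}
```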

MessageDigest with MD5 is a one-way hash. So why not use javax.crypto , which can easily encrypt and decrypt. Here is an example:

    import java.security.spec.KeySpec;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.DESedeKeySpec;
    import org.apache.commons.codec.binary.Base64;

    public class EncryptDecrypt {
        private static final String UNICODE_FORMAT = "UTF8";
        public static final String DESEDE_ENCRYPTION_SCHEME = "DESede";
        private KeySpec ks;
        private SecretKeyFactory skf;
        private Cipher cipher;
        byte[] arrayBytes;
        private String myEncryptionKey;
        private String myEncryptionScheme;
        SecretKey key;

        public EncryptDecrypt() throws Exception {
            // Key material is hard-coded in this example (24 bytes, as DESede requires)
            myEncryptionKey = "ThisIsSpartaThisIsSparta";
            myEncryptionScheme = DESEDE_ENCRYPTION_SCHEME;
            arrayBytes = myEncryptionKey.getBytes(UNICODE_FORMAT);
            ks = new DESedeKeySpec(arrayBytes);
            skf = SecretKeyFactory.getInstance(myEncryptionScheme);
            // No mode or padding is named, so the provider's defaults apply
            cipher = Cipher.getInstance(myEncryptionScheme);
            key = skf.generateSecret(ks);
        }

        // Encrypts the string and returns the ciphertext Base64-encoded (null on failure)
        public String encrypt(String unencryptedString) {
            String encryptedString = null;
            try {
                cipher.init(Cipher.ENCRYPT_MODE, key);
                byte[] plainText = unencryptedString.getBytes(UNICODE_FORMAT);
                byte[] encryptedText = cipher.doFinal(plainText);
                encryptedString = new String(Base64.encodeBase64(encryptedText), UNICODE_FORMAT);
            } catch (Exception e) {
                e.printStackTrace();
            }
            return encryptedString;
        }

        // Base64-decodes and decrypts the string (null on failure)
        public String decrypt(String encryptedString) {
            String decryptedText = null;
            try {
                cipher.init(Cipher.DECRYPT_MODE, key);
                byte[] encryptedText = Base64.decodeBase64(encryptedString.getBytes(UNICODE_FORMAT));
                byte[] plainText = cipher.doFinal(encryptedText);
                // Decode with the same charset that encrypt() used
                decryptedText = new String(plainText, UNICODE_FORMAT);
            } catch (Exception e) {
                e.printStackTrace();
            }
            return decryptedText;
        }

        public static void main(String args[]) throws Exception {
            EncryptDecrypt td = new EncryptDecrypt();
            String target = " password@123 ";
            String encrypted = td.encrypt(target);
            String decrypted = td.decrypt(encrypted);
            System.out.println("String To Encrypt: " + target);
            System.out.println("Encrypted String: " + encrypted);
            System.out.println("Decrypted String: " + decrypted);
        }
    }
+6

The MD5 hash algorithm, like all hash algorithms, is one-way. The only way to restore the original password is to try all the options until you get the one whose MD5 hash matches what you got.

+3

If you are trying to compare the contents of the new password with the old passwords, you cannot use the MD5 hash. As Jericho noted, MD5 (and all hashes) are one-way, meaning that you cannot get the original value back.

To perform the comparison, you will have to store the original password value somewhere. It is probably best to encrypt it (and Base64 the result) before storing it in the database. Then, to perform the comparison, you decrypt each of the values and do the required work.

It is important to note that saving user passwords in any form that can be reversed can be dangerous if it is not done properly.

+1
