Password Encryption and Decryption Using jBCrypt

Need a strong generated password, and a safe way to store it? Read on to learn how to generate a random password with Passay and how to hash it with bcrypt so that only the hash, never the password itself, lands in the database.


In this article, we will look at how to generate random passwords containing alphanumeric and special characters, and how to hash them with bcrypt using the jBCrypt library. Despite the title, bcrypt is a one-way password hash, not an encryption scheme: there is no decryption step, only verification of a candidate password against the stored hash.

Generating a Random Password

I'll use the Passay library to generate random passwords containing alphanumeric and special characters. The following code block generates a random password with Passay; the first argument to generatePassword sets the total length of the result, and the rules set the minimum number of characters drawn from each character class.

import java.util.Arrays;
import java.util.List;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.PasswordGenerator;

public String generateRandomPassword() {
    // Require at least one character from each class in the result.
    List<CharacterRule> rules = Arrays.asList(
            new CharacterRule(EnglishCharacterData.UpperCase, 1),
            new CharacterRule(EnglishCharacterData.LowerCase, 1),
            new CharacterRule(EnglishCharacterData.Digit, 1),
            new CharacterRule(EnglishCharacterData.Special, 1));

    // The no-argument constructor draws from java.security.SecureRandom.
    PasswordGenerator generator = new PasswordGenerator();
    // 8 is the total length; it must be at least the sum of the minimums above (4).
    // 8 characters is on the short side for anything but a demo.
    return generator.generatePassword(8, rules);
}

You can find more examples of using Passay here: Random Password Generator.
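The snippet above fixes the length at 8 and never checks its own output. The following added example (my code, not the original article's) makes the length a parameter, rejects a length that cannot satisfy the mandatory character classes, passes the CSPRNG explicitly, and runs both a generated and a user-chosen password through a Passay PasswordValidator built from the same rules plus a length window. The class name, the 12..64 length window and the sample inputs are my own choices.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordGenerator;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;

public class PassayPolicyExample {

    // Minimum characters required from each class; the generator enforces these.
    private static final List<CharacterRule> CLASS_RULES = Arrays.asList(
            new CharacterRule(EnglishCharacterData.UpperCase, 1),
            new CharacterRule(EnglishCharacterData.LowerCase, 1),
            new CharacterRule(EnglishCharacterData.Digit, 1),
            new CharacterRule(EnglishCharacterData.Special, 1));

    // Assumed policy for this example: accept 12 to 64 characters.
    private static final int MIN_LENGTH = 12;
    private static final int MAX_LENGTH = 64;

    /** Generates a password of the requested length that satisfies CLASS_RULES. */
    public static String generate(int length) {
        int required = CLASS_RULES.stream()
                .mapToInt(CharacterRule::getNumberOfCharacters).sum();
        if (length < required || length < MIN_LENGTH || length > MAX_LENGTH) {
            throw new IllegalArgumentException("length " + length
                    + " outside policy (" + MIN_LENGTH + ".." + MAX_LENGTH
                    + ", at least " + required + " mandatory characters)");
        }
        // Pass the CSPRNG explicitly so the source of randomness is visible in review.
        PasswordGenerator generator = new PasswordGenerator(new SecureRandom());
        return generator.generatePassword(length, CLASS_RULES);
    }

    /** Validates a candidate (generated or user-chosen) against the same rules plus length. */
    public static RuleResult validate(String candidate) {
        List<Rule> rules = new ArrayList<>(CLASS_RULES);
        rules.add(new LengthRule(MIN_LENGTH, MAX_LENGTH));
        return new PasswordValidator(rules).validate(new PasswordData(candidate));
    }

    public static void main(String[] args) {
        String generated = generate(16);
        System.out.println("generated: " + generated);
        System.out.println("generated valid: " + validate(generated).isValid());

        // A constructed weak candidate: too short and missing three classes.
        RuleResult weak = validate("password");
        System.out.println("'password' valid: " + weak.isValid());
        weak.getDetails().forEach(d -> System.out.println("  failed: " + d.getErrorCode()));
    }
}
```

Running the generated value back through the validator is cheap and catches a policy drift between the generator's rules and the rules enforced on user-chosen passwords, which otherwise tends to go unnoticed until a generated password is rejected at login.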

Once a random password has been generated, we hash it with jBCrypt before storing it.

Password Hashing Using jBCrypt

bcrypt is a one-way, adaptive password hashing function derived from the Blowfish cipher; jBCrypt is its Java implementation. "Adaptive" means the work factor is tunable: BCrypt.gensalt(n) selects 2^n rounds of key expansion (the library default is n = 10), so hashing can be made slower as hardware gets faster. gensalt also generates a random 128-bit salt, so hashing the same string twice produces two different results. Every result is a 60-character string of the form $2a$<cost>$<22-character salt><31-character hash>; because the cost and salt are embedded in it, checkpw can verify a candidate password from the stored string alone.

The following code is the implementation to encode a string using jBCrypt:

private String hashPassword(String plainTextPassword) {
    // gensalt() draws a random 128-bit salt and uses the library default cost of 10
    // (2^10 rounds); gensalt(12) or higher is a more appropriate work factor today.
    return BCrypt.hashpw(plainTextPassword, BCrypt.gensalt());
}

Once the password is hashed, we save the hash to the database. Whenever a plain-text password later needs to be checked against the hash saved in the database, we do the following:

private void checkPass(String plainPassword, String hashedPassword) {
    // checkpw reads the cost and salt back out of hashedPassword, hashes the
    // candidate with them and compares; the original password is never recovered.
    if (BCrypt.checkpw(plainPassword, hashedPassword))
        System.out.println("The password matches.");
    else
        System.out.println("The password does not match.");
}

Storing plain-text passwords in the database means every password is exposed the moment the database or one of its backups leaks. With the implementations above, only the bcrypt hash is saved, and authentication runs the candidate password through checkpw against that hash; the original password cannot be recovered from what is stored.
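The two methods above leave three practical questions open: which cost to use, what happens when a stored value is not a valid bcrypt hash, and how to raise the cost of hashes that were created under an older policy. The following added example (my code, not the article's) answers them with jBCrypt's public API only: it hashes at an explicit cost of 12, reads the cost back out of a stored hash, rehashes a legacy record at login time when its cost is below policy, treats a malformed stored value as a failed login instead of an unhandled IllegalArgumentException, and rejects inputs longer than the 72 bytes bcrypt actually keys on. The class name, the cost value and the sample password are my own choices.

```java
import java.nio.charset.StandardCharsets;
import org.mindrot.jbcrypt.BCrypt;

public class BcryptStorageExample {

    // Assumed work-factor policy for this example: 2^12 rounds.
    private static final int COST = 12;

    /** Hashes a new password with a fresh random salt at the current cost. */
    public static String hash(String plaintext) {
        requireHashable(plaintext);
        return BCrypt.hashpw(plaintext, BCrypt.gensalt(COST));
    }

    /** Reads the cost back out of a stored hash of the form $2a$12$... */
    public static int costOf(String storedHash) {
        if (storedHash == null || storedHash.length() != 60 || !storedHash.startsWith("$2")) {
            throw new IllegalArgumentException("not a bcrypt hash");
        }
        return Integer.parseInt(storedHash.substring(4, 6));
    }

    /**
     * Verifies a login attempt and returns the hash to keep in the database:
     * the same hash if it is already at COST, or a rehash at COST if the stored
     * cost is lower (login is the only time the plaintext is available for that).
     * Returns null if the password does not match or the stored value is malformed.
     */
    public static String verifyAndMaybeUpgrade(String attempt, String storedHash) {
        boolean ok;
        try {
            ok = BCrypt.checkpw(attempt, storedHash);
        } catch (IllegalArgumentException malformed) {
            // jBCrypt throws when it cannot parse the salt/version prefix; a corrupt
            // or foreign-format record is a failed login, not a server error.
            return null;
        }
        if (!ok) {
            return null;
        }
        return costOf(storedHash) < COST ? hash(attempt) : storedHash;
    }

    private static void requireHashable(String plaintext) {
        // bcrypt keys on at most 72 bytes of input; anything beyond that is
        // silently ignored, so reject over-long inputs instead of truncating them.
        if (plaintext.getBytes(StandardCharsets.UTF_8).length > 72) {
            throw new IllegalArgumentException("password longer than 72 bytes");
        }
    }

    public static void main(String[] args) {
        String pw = "Tr0ub4dor&3";  // constructed sample password
        String h1 = hash(pw);
        String h2 = hash(pw);
        System.out.println(h1);
        System.out.println(h2);
        System.out.println("same input, distinct hashes: " + !h1.equals(h2));
        System.out.println("both verify: "
                + (BCrypt.checkpw(pw, h1) && BCrypt.checkpw(pw, h2)));

        // A legacy record created at the library default cost is upgraded on login.
        String legacy = BCrypt.hashpw(pw, BCrypt.gensalt(10));
        String kept = verifyAndMaybeUpgrade(pw, legacy);
        System.out.println("legacy cost " + costOf(legacy) + " -> stored cost " + costOf(kept));

        System.out.println("wrong password -> " + verifyAndMaybeUpgrade("wrong", legacy));
        System.out.println("garbage record -> " + verifyAndMaybeUpgrade(pw, "not-a-hash"));
    }
}
```

Two caveats when choosing the cost: measure hashpw on the production hardware and pick the largest cost that stays within your login latency budget, and remember that the same cost applies to every failed attempt, so rate limiting is still needed to keep the hash from becoming a CPU-exhaustion vector. Hashes imported from other platforms may carry a $2b$ or $2y$ prefix; jBCrypt only understands the $2$ and $2a$ variants, which is exactly the malformed-record path the example handles.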
