Password Encryption and Decryption Using jBCrypt
Looking to create a strong password for your sensitive files? Read on to learn how to generate a random password and how to hash that password.
In this article, we will take a look at how to generate random passwords containing alphanumeric and special characters and how to hash them with jBCrypt, a one-way hash algorithm.
Generating a Random Password
I'll use the Passay library to generate random passwords containing alphanumeric and special characters. The following code generates a random password using the Passay library; the character length of the resulting password is configurable.
import java.util.Arrays;
import java.util.List;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.PasswordGenerator;

public String generateRandomPassword() {
    // At least one character from each class; the generator fills the rest randomly.
    List<CharacterRule> rules = Arrays.asList(new CharacterRule(EnglishCharacterData.UpperCase, 1),
        new CharacterRule(EnglishCharacterData.LowerCase, 1), new CharacterRule(EnglishCharacterData.Digit, 1),
        new CharacterRule(EnglishCharacterData.Special, 1));
    PasswordGenerator generator = new PasswordGenerator();
    String password = generator.generatePassword(8, rules); // 8 = length of the generated password
    return password;
}
You can find more reference examples of using Passay here - Random Password Generator
Once a random password is generated, we'll use jBCrypt to hash it.
Password Hashing Using jBCrypt
jBCrypt is a Java implementation of bcrypt, a one-way password hashing algorithm based on the Blowfish cipher. It is adaptive: the work factor can be raised over time so that hashing stays expensive as hardware gets faster. BCrypt generates a random salt each time it hashes a password, so the same input string produces a different hash on every call. The one constant is the output format: the result is always a 60-character string.
The following code hashes a string using jBCrypt:
import org.mindrot.jbcrypt.BCrypt;

private String hashPassword(String plainTextPassword) {
    // gensalt() creates a fresh random salt (default work factor 10) and embeds it in the result
    return BCrypt.hashpw(plainTextPassword, BCrypt.gensalt());
}
Once the password is hashed, we can save it to the database. Whenever we later need to check a plain-text password against the hash saved in the database, we can do the following:
private void checkPass(String plainPassword, String hashedPassword) {
    // checkpw re-hashes plainPassword with the salt and cost embedded in hashedPassword and compares
    if (BCrypt.checkpw(plainPassword, hashedPassword))
        System.out.println("The password matches.");
    else
        System.out.println("The password does not match.");
}
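An added end-to-end example (my own code, not from the original article) that ties the two pieces together: it generates a Passay password, hashes it with jBCrypt at an explicit work factor, verifies it, and adds the two checks a practitioner usually wants, rejecting input beyond bcrypt's 72-byte limit and re-hashing a stored hash whose cost factor is below current policy. The class name `BcryptDemo`, the constant `REQUIRED_COST` and the helper names are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import org.mindrot.jbcrypt.BCrypt;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.PasswordGenerator;

public class BcryptDemo {
    // Work factor (log2 of rounds) new hashes must use; raise it as hardware gets faster. (assumed policy)
    static final int REQUIRED_COST = 12;
    // bcrypt only uses the first 72 bytes of the password; anything beyond is silently ignored.
    static final int BCRYPT_MAX_BYTES = 72;

    static String generatePassword(int length) {
        List<CharacterRule> rules = Arrays.asList(
            new CharacterRule(EnglishCharacterData.UpperCase, 1),
            new CharacterRule(EnglishCharacterData.LowerCase, 1),
            new CharacterRule(EnglishCharacterData.Digit, 1),
            new CharacterRule(EnglishCharacterData.Special, 1));
        return new PasswordGenerator().generatePassword(length, rules);
    }

    static String hash(String password) {
        if (password.getBytes(StandardCharsets.UTF_8).length > BCRYPT_MAX_BYTES)
            throw new IllegalArgumentException("password exceeds bcrypt's 72-byte limit");
        return BCrypt.hashpw(password, BCrypt.gensalt(REQUIRED_COST));
    }

    // The cost is stored in the hash itself: "$2a$12$<22-char salt><31-char hash>".
    static int costOf(String hash) { return Integer.parseInt(hash.substring(4, 6)); }

    // Returns the hash to keep in the DB: the stored one if its cost is fine, a fresh one
    // at REQUIRED_COST if the stored cost is too low, or null if the password is wrong.
    static String verifyAndUpgrade(String password, String stored) {
        if (!BCrypt.checkpw(password, stored)) return null;
        return costOf(stored) < REQUIRED_COST ? hash(password) : stored;
    }

    public static void main(String[] args) {
        String pw = generatePassword(12);
        String h1 = hash(pw), h2 = hash(pw);
        System.out.println(pw + " -> " + h1);
        // Random salt: two hashes of one password differ, yet both verify and both are 60 chars.
        System.out.println(!h1.equals(h2) && h1.length() == 60 && BCrypt.checkpw(pw, h2));
        // A legacy hash made at cost 10 is accepted once, then replaced by a cost-12 hash.
        String legacy = BCrypt.hashpw(pw, BCrypt.gensalt(10));
        System.out.println(costOf(legacy) + " -> " + costOf(verifyAndUpgrade(pw, legacy)));
        System.out.println(verifyAndUpgrade("wrong-" + pw, legacy) == null);
    }
}
```

Running it prints the generated password with its hash, then `true`, `10 -> 12` and `true`; the upgrade path only fires after a successful verification, so the plain-text password is never stored anywhere.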
Storing plain-text passwords in a database is always a security risk. Hence, we can use the above implementations to save a hashed password to the database instead of the plain-text password.
Published at DZone with permission of Dhiraj Ray. See the original article here.