
Re: Testing a password

Posted by Chris Mawata on Apr 09, 2010; 6:30pm
URL: http://imagej.273.s1.nabble.com/Testing-a-password-tp3688636p3688642.html

Why keep the actual password at all? Use **java.security.MessageDigest**
to create a hash, e.g. MD5.
When you get the user's password you encrypt that and see if it comes to
the same hash.
Chris Mawata


Gabriel Landini wrote:

> On Wednesday 07 April 2010, you wrote:
>
>> I did not want to comment on that, actually as a minimum I would recommend
>> some simple "garbling" of the stored password with some secret "constant" to
>> avoid that the password will directly stand out in any text dump of the
>> class file.
>>
>
> I was thinking of the risk of somebody using a decompiler that will retrieve
> some version of the code. In that case any procedural garbling of the string
> would be retrievable as well.
> Cheers
>
> G.
>
>
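
The hash-and-compare check suggested in this thread, sketched as an added example (not code from the posters or from ImageJ): only a salt and a digest are stored, and the entered password is hashed and compared with `MessageDigest.isEqual`. The class name, the choice of SHA-256 with a random salt in place of MD5, and the sample passwords are assumptions of this example.

```java
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class PasswordCheck {
    // Assumption of this example: SHA-256 over salt || password, not MD5.
    private static final String ALGORITHM = "SHA-256";

    /** Hash the password with the salt; takes char[] so the caller can wipe it. */
    static byte[] hash(byte[] salt, char[] password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(ALGORITHM);
        md.update(salt);
        md.update(StandardCharsets.UTF_8.encode(CharBuffer.wrap(password)));
        return md.digest();
    }

    /** Recompute the digest for the entered password and compare in constant time. */
    static boolean verify(byte[] salt, byte[] storedHash, char[] entered)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(storedHash, hash(salt, entered));
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Enrolment: done once; only the salt and digest are kept.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        char[] chosen = "correct horse battery".toCharArray(); // constructed sample
        byte[] stored = hash(salt, chosen);
        Arrays.fill(chosen, '\0'); // wipe the clear-text copy
        System.out.println("stored record: " + hex(salt) + ":" + hex(stored));

        // Login: hash what the user typed and compare with the stored digest.
        System.out.println(verify(salt, stored, "correct horse battery".toCharArray()));
        System.out.println(verify(salt, stored, "Correct horse battery".toCharArray()));
    }
}
```

A decompiler still recovers a salt and digest embedded in the class file, so a fast digest limits guessing only by the cost of one hash per attempt; a deliberately slow derivation such as PBKDF2 through `javax.crypto.SecretKeyFactory` raises that cost.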