Re: Antwort: Re: Testing a password
Posted by dscho on Apr 07, 2010; 10:16am
URL: http://imagej.273.s1.nabble.com/Testing-a-password-tp3688636p3688643.html
Hi,
On Wed, 7 Apr 2010, Joachim Wesner wrote:
> I did not want to comment on that, actually as a minimum I would
> recommend some simple "garbling" of the stored password with some secret
> "constant" to avoid that the password will directly stand out in any
> text dump of the class file.
Actually, making it secure would be trivial:
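
	import java.security.MessageDigest;

	// Returns the SHA-1 digest of the UTF-8 bytes of text,
	// or null if the digest cannot be computed.
	byte[] getSHA1(String text) {
		try {
			MessageDigest digest =
				MessageDigest.getInstance("SHA-1");
			digest.update(text.getBytes("UTF-8"));
			return digest.digest();
		} catch (Exception e) {
			return null;
		}
	}
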
... and then only storing the SHA-1 of the password and comparing with
that (via equals(), of course).
Ciao,
Johannes