Reputation: 4371
I'm using play-framework 2.0 (java web-framework) with postgresql.
thanks
Upvotes: 9
Views: 12070
Reputation: 9788
I used jBcrypt together with the Play framework's internal Crypto (got the idea from here: https://groups.google.com/forum/?fromgroups#!topic/play-framework/9KIUwWBjudQ[1-25] )
Also, when I added registration for users, I made sure that the password has some level of complexity (at least 8 marks minimum, a big letter, one number, etc., you name it basically). But I just wanted to point out that security is not just about encrypting; half of the cake is making sure that users will use complex passwords :)
Upvotes: 2
Reputation: 7311
You should use the SHA-x algorithm to hash the password. This is more or less the replacement hash function of MD5.
MessageDigest.getInstance("SHA-512").digest(toBytes(toDigest))
But be careful, add a salt to the password before hashing it to avoid a hash table attack.
The DB column should be a varchar. The length depends on the version of the SHA algorithm you use.
HIH
Upvotes: 0
Reputation: 13097
You want to hash the password, not encrypt it (See this question for more details). The current recommended approach is to use an adaptive hashing algorithm, like bcrypt. jBcrypt is a solid Java implementation that you can use.
As for DB type, you can safely just treat it as a string.
Upvotes: 9
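The bcrypt approach recommended in the answers, as an added example that is not code from any of the posts. It assumes the jBCrypt jar (package `org.mindrot.jbcrypt`) is on the classpath; the class name `PasswordHasher`, the cost value and the sample password are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import org.mindrot.jbcrypt.BCrypt;

// Added example: PasswordHasher and COST are illustrative names, not from the thread.
public final class PasswordHasher {
    // Assumed work factor (log2 of the round count); tune it to your hardware.
    private static final int COST = 12;
    // A jBCrypt hash is 60 ASCII chars: "$2a$" + cost + "$" + 22-char salt + 31-char digest.
    public static final int HASH_LENGTH = 60;

    public static String hash(String password) {
        // bcrypt only uses the first 72 bytes of its input; reject longer
        // passwords instead of letting them be truncated silently.
        if (password == null || password.isEmpty()
                || password.getBytes(StandardCharsets.UTF_8).length > 72) {
            throw new IllegalArgumentException("password must be 1 to 72 bytes");
        }
        // gensalt() draws a fresh random salt and hashpw() embeds it in the
        // result, so no separate salt column is needed.
        return BCrypt.hashpw(password, BCrypt.gensalt(COST));
    }

    public static boolean verify(String candidate, String stored) {
        // Guard against missing or malformed rows before handing them to the library.
        if (candidate == null || stored == null || stored.length() != HASH_LENGTH) {
            return false;
        }
        try {
            return BCrypt.checkpw(candidate, stored);
        } catch (IllegalArgumentException e) {
            return false; // stored value is not a valid bcrypt hash
        }
    }

    // Call after a successful verify(): true when the stored hash was created
    // with a lower cost than the current setting and should be replaced.
    public static boolean needsRehash(String stored) {
        String[] parts = stored.split("\\$"); // ["", "2a", "12", salt+digest]
        return parts.length < 4 || Integer.parseInt(parts[2]) < COST;
    }

    public static void main(String[] args) {
        String stored = hash("correct horse battery staple"); // constructed sample
        System.out.println(stored.length() + " chars, cost ok: " + !needsRehash(stored));
        System.out.println("right password: " + verify("correct horse battery staple", stored));
        System.out.println("wrong password: " + verify("Tr0ub4dor&3", stored));
    }
}
```

Store the return value of `hash()` in a string column that holds at least 60 characters; on login, call `verify()` and, when `needsRehash()` is true, save a fresh `hash()` of the password the user just supplied.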