franco

Reputation: 2047

java encrypt decrypt password md5 using same key

I used a Jersey web service in Java.

I have this code:

    @GET
    @Path("/getList/{login}/{password}/{email}")
    @Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
    public String getList(@PathParam("login") String login,
                          @PathParam("password") String password,
                          @PathParam("email") String email) {
        if (login != null && !"".equals(login) && password != null && !"".equals(password)) {
            if (login.equals("admin") && password.equals("12345")) {
                List list = findDataList(login, password, email);

                if (list != null && list.size() > 0) {
                    JSONArray arrayObj = JSONArray.fromObject(list);

                    return arrayObj.toString();
                } else {
                    return "No Data ";
                }
            } else {
                return "access denied ";
            }
        } else {
            return "access denied ";
        }
    }

And I used this URL to test the web service:

 http://localhost:8080/projectTest/service/getList/admin/1235545/[email protected]

I have a login and password that are fixed on the server side ("admin", "12345") and will be compared with the parameters sent in the web service URL.

My goal is to know how to secure the sending of the password parameter.

I want the password to be encrypted using MD5 and then decrypted in the getList method.

I think that the best way is to use the same key to encrypt and decrypt the password on the client and server side.

Upvotes: 0

Views: 10054

Answers (1)

Cristian Meneses

Reputation: 4041

As stated in the comments, MD5 is a one-way hash. This means that once hashed, you *cannot recover the original value.

This is good security, but maybe your approach can be improved.

Instead of "decrypting" the existing password, you can hash the password that has been entered, and compare this hash with the existing password hash. If they are the same, then the password is the same, and you can authorize the login attempt.

* MD5 "can" be decrypted using MD5 hash dictionaries, but it is still hard for uncommon passwords.

If you still need the decrypted password, you can take a look at this related question about encrypting and decrypting.

Upvotes: 3
