Reputation: 63
Decrypt and encrypt using PBKDF2 java
Is there a way to decrypt PBKDF2 password in java. Java has implementation of PBKDF2 algorithm as PBKDF2WithHmacSHA1. I got the code to create hashes for password. I referred to below link for hashing technique:
My requirement is to store the third Party FTP server password in the encrypted format and get back the password in plain text form from DB when there is a need to login into the server. Can anyone suggest best password encryption method?
Upvotes: 1
Views: 24952
Answers (2)
Reputation: 13058
No it's impossible by design! Wonder why?
Following 2 articles will answer all your questions: https://nakedsecurity.sophos.com/2013/11/20/serious-security-how-to-store-your-users-passwords-safely/ https://crackstation.net/hashing-security.htm
Upvotes: 1
Reputation: 11921
Note that PBKDF2 is a hashing-method rather than an encryption-method (to be precise: it is a method to derive an encryption-key from a password but it is frequently used as a password-hashing method as well). The whole point of PBKDF2 is to make it impossible to get the original password other than by brute-force guessing and make that as hard as possible too.
If you are talking about your users' passwords: you should not be able to get them in clear at all - if you did and let me know (e.g. by showing me my password) I'd instantly mark your whole site as insecure.
If you need to keep an encrypted password for your application to access another service then PBKDF2 is the wrong tool for the job, use a real encryption-algorithm like AES instead.
Upvotes: 18
Related Questions
- Encryption/decryption fails
- Encrypt and Decrypt in Java
- How to decrypt the hashed password of pbkdf
- Java - Python AES encryption decryption
- AES Encryption and Decryption in Java
- Encryption and Decryption (java)
- how to decrypt in java (snippet of my code included)
- pbkdf2 Salted Hash Password Verification
- Encrypting and Decrypting Password
- PBKDF2, Java Implementation from C#