c12

Reputation: 9827

Use Spring Security's PasswordEncoder to create AES encrypted based password

I have a requirement to create an AES based encrypted password. I'm using Spring Security 3.0.5's PasswordEncoder.encodePassword method and passing in AES, but I'm unsure if that's the proper technique...

passwordEncoder.encodePassword("xyz", "AES")

Upvotes: 0

Views: 2480

Answers (1)

axtavt

Reputation: 242686

It's a very strange requirement. The usual password storage strategy is to store their hashes. It prevents a malicious person from obtaining passwords if he managed to get access to your database. Spring Security's built-in password encoders implement this approach.

The idea to use symmetric encryption to store passwords in the database appears to be less secure, since you need to store the secret key somewhere in your application, and it's likely that if a malicious person gets access to your database, he can also get access to your secret key, so that he can decrypt your passwords.

However, if you really need to follow that approach, you can implement your own PasswordEncoder that gets a secret key and uses AES encryption, based on some tutorial on using AES in Java.

Upvotes: 1
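
The contrast the answer draws, as an added example that is not part of the original answer: plain JDK code (not Spring Security's encoders) that stores the sample password once as a salted PBKDF2 hash and once AES-encrypted. The class name, iteration count and in-memory key are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class PasswordStorageDemo { // hypothetical class name
    static final SecureRandom RNG = new SecureRandom();

    // One-way: salted PBKDF2 (iteration count is illustrative). Nothing stored can be reversed.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Verification recomputes the hash and compares in constant time; no secret key is involved.
    static boolean verify(char[] candidate, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(hash(candidate, salt), stored);
    }

    // Two-way: AES-GCM. Whoever holds the key recovers the original password.
    static byte[] aes(int mode, SecretKey key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "xyz".toCharArray(); // constructed sample value from the question

        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        byte[] stored = hash(password, salt); // database holds salt + hash only
        System.out.println("hash accepts correct password: " + verify(password, salt, stored));
        System.out.println("hash accepts wrong password:   " + verify("abc".toCharArray(), salt, stored));

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // a real application would have to keep this key somewhere
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        byte[] ciphertext = aes(Cipher.ENCRYPT_MODE, key, iv, "xyz".getBytes(StandardCharsets.UTF_8));
        byte[] recovered = aes(Cipher.DECRYPT_MODE, key, iv, ciphertext);
        System.out.println("AES value decrypts back to: " + new String(recovered, StandardCharsets.UTF_8));
    }
}
```

The hash path never needs a stored secret to check a login, while the AES path hands back the plaintext to anything that holds both the ciphertext and the key.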
