Reputation: 2505
Password Hash method in Java
public static String encryptPassword( String password ) {
String encrypted = "";
try {
MessageDigest digest = MessageDigest.getInstance( "MD5" );
byte[] passwordBytes = password.getBytes( );
digest.reset( );
digest.update( passwordBytes );
byte[] message = digest.digest( );
StringBuffer hexString = new StringBuffer();
for ( int i=0; i < message.length; i++)
{
hexString.append( Integer.toHexString(
0xFF & message[ i ] ) );
}
encrypted = hexString.toString();
}
catch( Exception e ) { }
return encrypted;
}
I am using Java. I used this method for hashing the password and it correctly worked while storing into the database. Now I have difficulty with decryption. Are there any methods more effective than this one?
Upvotes: 2
Views: 2495
Answers (2)
Reputation: 75095
MD5 is a hash function, i.e. a one-way function. It is not possible to "decrypt" an MD5 code.
While not useful for encryption applications, hash codes are typically used for the following applications:
- password storage:
When user initially registers, the password he provides is submited to the hash function and the resulting code is kept on file. When he/she tries to login, the credential he passes then are submited to the same hash function, and the code so produced is compared to the hash code kept on file. The interesting benefit of this approach is that even if someone has access to the list of hash codes corresponding to users' password, he/she is not able to know what the passwords are, because if the irreversibility of the hash function. - detecting changes in data records
The MD5 code provides a short code which can summarize the content of a whole record (with a relatively low probability but not impossibility that a different record content could have the same MD5 value); this code can then be use to detect if the record was modified without requiring access to the original record. This is used for fraud detection and also for quickly computing differential update sets for datasets which are updated on batch basis. - Providing keys for database indexing
Again because of the relatively short size of the MD5 compared to the original data, MD5 or other other hash codes provide a way of building relatively compact indexes for data which may be quite long.
If you must... [store passwords so they can be retrieved at a later time] and BTW, there are many use cases where doing so is necessary (for example to be supplied to 3rd party site to login on-behalf of your application's various users etc.)...
...you should use a encryption algorithm such as Blowfish, DES, AES and the like (I'm only mentioning symmetric key encryption here, for while public key encryption may be used as well, it doesn't appear this is what is needed here).
Be sure to read-up about encryption and cryptography at large, for it is relatively easy to implement encryption-decryption applications which are not very secure :-( Also remember that the algorithm is only one of the elements (typically the "easier" one) of the whole chain.
Upvotes: 5
Reputation: 1499660
You can't decrypt it. MD5 is a hash - it's one way, unlike a two-way encryption algorithm.
You generally shouldn't be trying to decrypt passwords though - you store the hash (salted, ideally) and then compare the "known good" hash with the hash of the password given to you by the user later.
(I would avoid MD5 these days personally, but that's another story.)
Upvotes: 12
Related Questions
- How can I hash a password in Java?
- SHA2 password hashing in java
- Java salted password hashing
- Which password hashing method should I use?
- What built-in Java hash function to use for password
- hashed password
- Java hashing passwords
- Hashing password using salt
- Keeping user passwords safe in Java?
- How to use hash function in java for hashing the password?