I use Blowfish to encrypt the passwords with a randomly generated salt, which is also stored in the DB.
    $password = "someString";
    $salt = "$2a$07$0dade6ad90a6cc2639b236876538b5fe$"; // "$2a$07$" . md5(mt_rand()) . "$"
    $pw = crypt($password, $salt); // $2a -> Blowfish
    // $pw would be $2a$07$0dade6ad90a6cc2639b23uwYL2QMyqG3piDr3N/D0oGvdD4NF7CIy
So my actual problem is: I am writing an Android application which needs a login. So when I send the data from the password field via POST without encryption, this is really unsafe.
So is there a way to generate a Blowfish PW ON ANDROID? I've tried many other tutorials like
Encrypt And Decrypt Using Blowfish In Java
Encrypt Using Blowfish And Java
I also found this: PHP crypt(pass, salt) alternative in Java - Blowfish algorithm, but it didn't solve my problem.
That's from the first link:
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;

    public static String encryptBlowfish(String to_encrypt, String strkey) {
        try {
            SecretKeySpec key = new SecretKeySpec(strkey.getBytes(), "Blowfish");
            Cipher cipher = Cipher.getInstance("Blowfish");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return new String(cipher.doFinal(to_encrypt.getBytes()).toString()); // Added here .toString() because otherwise I get some hardcoded text
        } catch (Exception e) { return null; }
    }
But when I encrypt the password with the salt, I get only a string with a length of 11...
So I call encryptBlowfish("someString","0dade6ad90a6cc2639b236876538b5fe");
and the returned String is [B@42ab9778
So what am I doing wrong?!
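
Added example (not part of the original post): why the call in the question returns a string like `[B@42ab9778`, and what the ciphertext bytes look like when hex-encoded instead. It reuses the question's cipher call and inputs; the class name `BlowfishOutputDemo` and the helper `toHex` are hypothetical. `Cipher.getInstance("Blowfish")` is the reversible Blowfish block cipher, so its output is not a `$2a$` crypt() hash and will not match the PHP value.

```java
import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class BlowfishOutputDemo {

    // Same cipher call as in the question, but returning the raw ciphertext bytes.
    static byte[] encryptBlowfish(String toEncrypt, String strKey) throws Exception {
        SecretKeySpec key = new SecretKeySpec(strKey.getBytes(StandardCharsets.UTF_8), "Blowfish");
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(toEncrypt.getBytes(StandardCharsets.UTF_8));
    }

    // Inverse operation: anyone holding the key string recovers the plaintext.
    static String decryptBlowfish(byte[] ciphertext, String strKey) throws Exception {
        SecretKeySpec key = new SecretKeySpec(strKey.getBytes(StandardCharsets.UTF_8), "Blowfish");
        Cipher cipher = Cipher.getInstance("Blowfish");
        cipher.init(Cipher.DECRYPT_MODE, key);
        return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
    }

    // Hex-encode bytes so they survive being carried in a String.
    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String keyFromQuestion = "0dade6ad90a6cc2639b236876538b5fe";
        byte[] ct = encryptBlowfish("someString", keyFromQuestion);

        // byte[] inherits Object.toString(): "[B" (JVM tag for byte[]), "@", then the
        // object's identity hash in hex. It says nothing about the array's contents.
        System.out.println("byte[].toString(): " + ct.toString());

        // The actual ciphertext, encoded losslessly.
        System.out.println("hex ciphertext   : " + toHex(ct));

        // Encryption is reversible; a crypt() "$2a$" hash is not.
        System.out.println("decrypted        : " + decryptBlowfish(ct, keyFromQuestion));
    }
}
```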