I know there are lots of articles available about hashing and encryption algorithms.
I have figured out from them that one should use a hashing function instead of encryption to store passwords in the database.
So I decided to use the SHA-256 algorithm to generate a hash key, and I am storing that hash key in my server database instead of the plain password.
Now I am really not able to understand how I should use it, because each time I pass the same password to generate the SHA key it gives me a different one than the previous one, so how could I compare it with the stored hash key in my database?
I am using Java, so my Java code is:
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;

public class Test {
    public static void main(String... arg) throws IOException {
        System.out.println("First time");
        String string64 = getEncryptedPassword("FenilShah");
        System.out.println(string64);
        // decode the Base64 string back to UTF-8 text to see what was actually encoded
        System.out.println(StringUtils.newStringUtf8(Base64.decodeBase64(string64)));
        System.out.println("\nSecond time");
        string64 = getEncryptedPassword("FenilShah");
        System.out.println(string64);
        System.out.println(StringUtils.newStringUtf8(Base64.decodeBase64(string64)));
        System.out.println("\nThird time");
        string64 = getEncryptedPassword("FenilShah");
        System.out.println(string64);
        System.out.println(StringUtils.newStringUtf8(Base64.decodeBase64(string64)));
    }

    public static String getEncryptedPassword(String clearTextPassword) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(clearTextPassword.getBytes());
            byte pass[] = md.digest();
            // pass.toString() does not render the digest bytes: a byte[] has no
            // toString() override, so this is Object.toString(), i.e. the type tag
            // "[B@" followed by the array's identity hash code
            System.out.println(pass.toString());
            // what gets Base64-encoded here is that "[B@..." text, not the digest
            return Base64.encodeBase64String(StringUtils.getBytesUtf8(pass.toString()));
        } catch (NoSuchAlgorithmException e) {
            //_log.error("Failed to encrypt password.", e);
        }
        return "";
    }
}
So the output is something like this:
First time
[B@5bf825cc
W0JANWJmODI1Y2M=
[B@5bf825cc
Second time
[B@1abfb235
W0JAMWFiZmIyMzU=
[B@1abfb235
Third time
[B@1f4cc34b
W0JAMWY0Y2MzNGI=
[B@1f4cc34b
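As an added example (not part of the question and not the asker's code): encoding the SHA-256 digest bytes themselves so the same input always yields the same stored string, next to the salted, iterated PBKDF2 form that is the usual choice for stored passwords, with verification done by recomputing and comparing in constant time. It uses only the standard JDK; the iterations$salt$hash record layout is an assumption made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {
    // Deterministic SHA-256: same input bytes always give the same digest.
    // The digest bytes are Base64-encoded directly, never passed through toString().
    static String sha256Base64(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Preferred for stored passwords: salted, iterated PBKDF2 from the standard JDK.
    // Stored record layout (an assumption for this example): iterations$salt$hash
    static String pbkdf2Record(char[] password, byte[] salt, int iterations) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] hash = f.generateSecret(spec).getEncoded();
        Base64.Encoder enc = Base64.getEncoder();
        return iterations + "$" + enc.encodeToString(salt) + "$" + enc.encodeToString(hash);
    }

    // Verify a login attempt: re-derive with the stored salt and iteration count,
    // then compare with MessageDigest.isEqual to avoid a timing side channel.
    static boolean verify(char[] password, String record) throws Exception {
        String[] parts = record.split("\\$");
        int iterations = Integer.parseInt(parts[0]);
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(password, salt, iterations, 256)).getEncoded();
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(sha256Base64("FenilShah"));
        System.out.println(sha256Base64("FenilShah")); // second call, same input
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);             // fresh random salt per user
        String record = pbkdf2Record("FenilShah".toCharArray(), salt, 100_000);
        System.out.println(record);
        System.out.println(verify("FenilShah".toCharArray(), record));     // correct password
        System.out.println(verify("WrongPassword".toCharArray(), record)); // wrong password
    }
}
```

With PBKDF2 the stored record differs between users even for equal passwords because the salt differs, so comparison must always go through verify rather than through recomputing a bare hash and comparing strings.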