Home/ Questions/Q 6640517
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T23:40:54+00:00

I am creating an app that requires the user to register with a remote

  • 0

I am creating an app that requires the user to register with a remote server, but I want to hash their password before sending it off to be stored in my database.

I tried using the jBCrypt library, but it created a long hang time while hashing. Are there any other alternatives? What would be the best (and safest) way to hash the passwords without creating a noticeable hang?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your approach seems to be wrong. Unless you have some special requirements, the usual way to do this is the following (not Android-specific, for any web application):

    1. When the users register, take their password, hash it (using a random salt is also recommended), and save it in the DB. That is done so you don’t save the actual password in your DB.
    2. When the user needs to login, you send the actual password to your webapp (use SSL to avoid sending it in the clear), not the hash. On the server, you apply the same hashing algorithm as in step 1, and compare the result to what is in your DB. If they are the same, the user has provided the correct password.

    In short, you should do your hashing on the server, not on the Android device.

    • 0