I have a web server that creates a QR code which is [username] + an MD5 hash of [username][password].
Where [username] is the user logged in at the time.
Where [password] is a system password set by me and common to web server and the apps.
My Android/iPhone/BlackBerry/Windows app will scan this QR code and use the [username] provided in the QR code to hash with [password] which will tell me that the QR code came from my server.
Obviously if someone were to get hold of [password] then they could create QR codes that did not come from my web server. So is there any way to safely store [password] in my app or could someone decompile the .apk and find it in classes.dex?
You can obfuscate the password somehow, but ultimately this is only security through obscurity. Someone who wanted to could certainly reverse engineer it.
You probably want to look at public key cryptography to avoid this – even if someone gets access to the public key, they still won’t be able to use it to impersonate your server.
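A sketch of the public-key approach suggested above, as an added example that is not part of the original answer. It assumes Ed25519 signatures and a hypothetical payload format of `username.base64url(signature)`; the function names are illustrative. The server keeps the private key, and the app embeds only the public key.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// MakeQRPayload runs on the web server only: it signs the username with the
// private key and returns "username.base64url(signature)" (assumed format).
func MakeQRPayload(priv ed25519.PrivateKey, username string) string {
	sig := ed25519.Sign(priv, []byte(username))
	return username + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// VerifyQRPayload runs in the app, which ships only the public key.
// It returns the username if the signature was made by the server's private key.
func VerifyQRPayload(pub ed25519.PublicKey, payload string) (string, error) {
	// Split on the last dot: base64url never contains '.', usernames may.
	i := strings.LastIndex(payload, ".")
	if i < 1 {
		return "", errors.New("malformed payload")
	}
	username, sigB64 := payload[:i], payload[i+1:]
	sig, err := base64.RawURLEncoding.DecodeString(sigB64)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", errors.New("malformed signature")
	}
	if !ed25519.Verify(pub, []byte(username), sig) {
		return "", errors.New("signature does not match")
	}
	return username, nil
}

func main() {
	// Constructed key pair and username; a nil reader means crypto/rand.
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	payload := MakeQRPayload(priv, "alice.smith")
	user, err := VerifyQRPayload(pub, payload)
	fmt.Println(payload, user, err)
	// Swapping the username while reusing the old signature is rejected.
	_, err = VerifyQRPayload(pub, "mallory"+payload[strings.LastIndex(payload, "."):])
	fmt.Println(err)
}
```

The signature shows that the code came from the server; it does not by itself stop a captured QR code from being reused.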