Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Possible Duplicate:
What function to use to hash passwords in MySQL?
Secure password storage
What is the best mechanism for storing passwords into database after encryption of the password? And what is the method of encryption and an implementation in Java?
Never store encrypted passwords. Store a secure one-way hash instead, something like SHA-1 (has some minor security issues), or one of the newer, more secure variants.
Doing so is actually against several regulatory requirements that you may be subject to, such as the PCI DSS if you have any involvement with credit cards (doing any e-commerce?).
Something like http://www.mindrot.org/projects/jBCrypt/ may also prove useful.
+1 for Borealid’s comment – even with hashing, the hashing needs to be done properly, and must include “salt” (additional random data to prevent a subset of attacks). jBCrypt will do this for you (as will other similar libraries).