I am using PostgreSQL, Hibernate and Java and I need to store a password. Can someone suggest how to encrypt the password with md5? Else, is there a better way to store a secure password in the database?
Thanks
MD5 hashes are no longer considered cryptographically secure methods and should not be used for cryptographic authentication, according to IETF.
To protect passwords, experts suggest using a strong and slow hashing algorithm like Argon2 or Bcrypt, combined with salt (or even better, with salt and pepper). (Basically, avoid faster algorithms for this usage.) To verify file signatures and certificates, SHA-256 is among your best hashing algorithm choices.
The MD5 message-digest algorithm is a cryptographically broken but still widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities.
MD5 is a terrible choice for password storage, but it's not because MD5 is broken - it's because it's a fast hash that was never intended for password storage (and neither was SHA256).
You shouldn't use md5 for password hashing. It's built for speed which makes it easier to attack. Use bcrypt instead. Also, you're not supposed to try to decrypt the password after it has been stored. See the examples on the bcrypt page for how to verify a password from user input. More information on how to store passwords safely.
jBcrypt is real simple to use too. Here's how you hash a password:
BCrypt.hashpw(password_from_user, BCrypt.gensalt());
And to verify it:
BCrypt.checkpw(password_from_user, hashed_password_from_database);
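The two calls above, put into a register/login flow. This is an added example, not code from the original answer or from the jBCrypt project. It assumes the jBCrypt jar is on the classpath; the class name, the work factor of 12 and the sample password are constructed for illustration.

```java
import org.mindrot.jbcrypt.BCrypt;

public class PasswordHashing {
    // Work factor (log2 of the round count). 12 is an assumed value: tune it to your hardware.
    static final int COST = 12;

    // Registration: gensalt() creates a fresh random salt and embeds it, with the cost,
    // in the returned 60-character string. Store that string as-is (e.g. a CHAR(60) column).
    static String hash(String password) {
        return BCrypt.hashpw(password, BCrypt.gensalt(COST));
    }

    // Login: checkpw() re-derives the hash using the salt and cost read from the stored value.
    // Nothing is ever decrypted. Malformed stored values are rejected instead of throwing.
    static boolean verify(String candidate, String stored) {
        if (candidate == null || stored == null || !stored.startsWith("$2")) {
            return false;
        }
        try {
            return BCrypt.checkpw(candidate, stored);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    // A stored hash has the form $2a$<cost>$<salt+hash>. If it was created with a lower
    // cost than the current setting, re-hash the password after a successful login.
    static boolean needsRehash(String stored) {
        String[] parts = stored.split("\\$");
        return parts.length < 4 || Integer.parseInt(parts[2]) < COST;
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple"; // constructed sample input
        String stored = hash(password);

        System.out.println("stored length: " + stored.length());
        System.out.println("same password, new salt differs: " + !stored.equals(hash(password)));
        System.out.println("right password: " + verify(password, stored));
        System.out.println("wrong password: " + verify("guess", stored));

        // Simulate a legacy row hashed at a lower cost, then upgrade it on login.
        String legacy = BCrypt.hashpw(password, BCrypt.gensalt(10));
        if (verify(password, legacy) && needsRehash(legacy)) {
            legacy = hash(password); // persist this value in place of the old one
        }
        System.out.println("legacy row upgraded: " + !needsRehash(legacy));
    }
}
```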