
I am trying to encrypt the password using a salt and storing it into the MySQL database. I referred to this Stack Overflow question

My code is similar to this:

import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;

// Derives a PBKDF2-HMAC-SHA1 hash of the password with Bouncy Castle.
// Note: when salt is null a fresh salt is generated but never returned,
// so the caller cannot store it; the salt has to be passed in from outside.
private byte[] encrypt(String passwordToSave, byte[] salt)
    throws UnsupportedEncodingException
    {
        int seedBytes = 20;   // salt length in bytes
        int hashBytes = 20;   // derived hash length in bytes

        int iterations = 1000;

        if(null == salt)
        {
            SecureRandom rng = new SecureRandom();
            salt = rng.generateSeed(seedBytes);
        }
        PKCS5S2ParametersGenerator kdf = new PKCS5S2ParametersGenerator();

        kdf.init(passwordToSave.getBytes("UTF-8"), salt, iterations);

        // generateDerivedMacParameters takes the output size in bits
        byte[] hash =
            ((KeyParameter) kdf.generateDerivedMacParameters(8*hashBytes)).getKey();
        return hash;
    }

I just altered the function a little to make use of it for both purposes.

  1. Encrypt the password while creating the user account and store it with the salt.
  2. Encrypt the user password with the stored salt from the database when he is trying to log in and check it against the stored value of the password.

The issue with this is that I am not getting back what I stored. I used a lot of different things:

  1. I used Base64 for encoding, stored it into the DB and decoded it using the same while getting it back.
  2. I tried to use VARBINARY and BLOB to save the byte[] data but no luck.
  3. Then I used VARCHAR and just stored the byte[] by creating a new String from it using "UTF-8" encoding type.

I am new to cryptography so if I am wrong, please point it out. Thanks in advance. :)

EDIT:

The output when I ran the encrypt twice:

Salt : [34, 17, -80, -59, 93, -90, 37, -25, -11, -43, 44, 1, 10, 7, -66, -108, 97, 36, 95, -116]
First Attempt: [-76, -3, 114, -69, 78, 21, -59, 23, 127, -15, 114, -106, -52, 23, 34, 91, 123, 6, 76, -115]
Second Attempt: [-76, -3, 114, -69, 78, 21, -59, 23, 127, -15, 114, -106, -52, 23, 34, 91, 123, 6, 76, -115]
Salt : [34, 17, -80, -59, 93, -90, 37, -25, -11, -43, 44, 1, 10, 7, -66, -108, 97, 36, 95, -116]
Aditya Peshave
  • Are you storing the salt as well? And then when you encrypt the second time are you using the same salt? If you're encrypting with a different salt each time, you *will* get different results... – Jon Skeet Feb 05 '14 at 07:22
  • Yes I am saving the salt as well. I am getting different values from database only. – Aditya Peshave Feb 05 '14 at 07:24
  • Okay, so take the database out of the equation completely - just call `encrypt` twice in a row with the exact same parameters, and then display the byte array output. – Jon Skeet Feb 05 '14 at 07:27
  • @JonSkeet : I simply sysout the byte[]. Is it okay?? – Aditya Peshave Feb 05 '14 at 07:35
  • Well no, that won't show you the bytes - it will just print something like `[B@6d6de4e1` which doesn't indicate the *content* of the array at all. Base64 encode it, or use `Arrays.toString(byte[])`. – Jon Skeet Feb 05 '14 at 07:38
  • @JonSkeet: I think I am doing something terribly wrong while storing the data. The encryption seems working. – Aditya Peshave Feb 05 '14 at 07:46
  • Okay, so that's the next part to concentrate on. Use hard-coded data so that you're *only* looking at the storage part. You might want to delete this question, then ask another one which is just about the storage when you've got more information. – Jon Skeet Feb 05 '14 at 07:48
  • Ok I will. but what is the standard practice anyway? how can we store byte[] into mysql?? – Aditya Peshave Feb 05 '14 at 07:49
  • The first two methods you mention in the question should be okay. Do *not* try to interpret the hash as UTF-8-encoded text - it simply isn't. – Jon Skeet Feb 05 '14 at 07:57
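The storage pattern the comments converge on, as an added example that is not code from the question or its comments: generate the salt where it can be returned with the hash, store both as Base64 text (or as VARBINARY), recompute at login, and compare in constant time. It uses the JDK's PBKDF2WithHmacSHA1, the same KDF the question's PKCS5S2ParametersGenerator computes, so no Bouncy Castle dependency is needed; the class and method names and the sample password are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStorageDemo {
    private static final int SALT_BYTES = 20;   // values taken from the question
    private static final int HASH_BYTES = 20;
    private static final int ITERATIONS = 1000;

    // PBKDF2-HMAC-SHA1: the same KDF the question's PKCS5S2ParametersGenerator produces.
    static byte[] pbkdf2(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BYTES * 8);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
    }

    // Account creation: the salt is generated here and returned together with the hash,
    // so the caller can persist both. Base64 text fits a plain VARCHAR column.
    static String[] createRecord(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return new String[] { b64.encodeToString(salt), b64.encodeToString(pbkdf2(password, salt)) };
    }

    // Login: decode the stored salt, recompute the hash, compare without early exit.
    static boolean verify(char[] password, String saltB64, String hashB64) throws GeneralSecurityException {
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] expected = b64.decode(hashB64);
        byte[] actual = pbkdf2(password, b64.decode(saltB64));
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String[] rec = createRecord("correct horse".toCharArray());   // constructed sample password
        System.out.println("stored salt=" + rec[0] + " hash=" + rec[1]);
        System.out.println("right password verifies: " + verify("correct horse".toCharArray(), rec[0], rec[1]));
        System.out.println("wrong password verifies:  " + verify("wrong".toCharArray(), rec[0], rec[1]));

        // The question's third approach: treating the raw hash as UTF-8 text. Byte sequences that
        // are not valid UTF-8 are replaced on decoding, so the round trip almost always loses data.
        byte[] hash = Base64.getDecoder().decode(rec[1]);
        byte[] roundTripped = new String(hash, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        System.out.println("UTF-8 round trip preserved the hash: " + Arrays.equals(hash, roundTripped));
    }
}
```

Store rec[0] and rec[1] in two text columns (or decode them into VARBINARY(20) columns); the last line shows why the VARCHAR-via-UTF-8 variant cannot work.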

0 Answers