password-encryption

I would like to use scrypt to create a hash for my users' passwords and salts. I have found two references , but there are things I don't understand about them. They use the scrypt encrypt and decrypt functions. One encrypts a random string and the other encrypts the salt (which looks wrong since only the password and not the salt is used for decryption). It looks like the decrypt function is being used to validate the password/salt as a side effect of the decryption. Based on the little I understand, what I want is a key derivation function (KDF) rather than encryption/decryption and that the

I am using Jasypt-1.9.0 with Spring 3.1 and Hibernate 4.0.1 . I have a requirement in my application to connect to database whose password(root) is stored in the encrypted form in the property file within the application. I looked online and found the way with following links: http://www.jasypt.org/spring31.html http://www.jasypt.org/hibernate.html http://www.jasypt.org/encrypting-configuration.html I have done following steps and configuration for my requirement: Added jasypt-1.9.0 and jasypt-hibernate4 -1.9.0 in build path. Added following in my dispatcher-servlet file: < bean id=

I am learning to use maven password encryption capabilities and I would like to know how to choose the parameter <password> . There are two things that I don't understand: 1) mvn --encrypt-master-password foobar will always give a different encrypted master password . Since the encrypted master password is always different, I see only two possibilities: A local property is stored somewhere so that it can be used to decrypt the encrypted master password to get the master password . That means that our encrypted server passwords can only be used locally. Nothing is stored and the master password

I recently read an article about password hashing . How are MD5 or SHA1 hashes are created such that it can't be decrypted?? What I think is, it must be encypting string by certain FORMULA (it always gives same hash for the same string; so there must be no randomization) and thats why we should be able to decrypt that by the same FORMULA?? Or people don't know the forumla? MD5 and SHA1 are not encryption algorithms. They are hashing algorithms. It is a one way formula. Running MD5 or SHA1 on a particular string gives a hash that is always the same. It isn't possible to reverse the function to

I want to make a user login system for the purpose of learning. I have several questions. I did some research and found that the proper way of implementing a user login system is to store the user name/id and the encrypted/hashed version of the password in the database. When a user logs in, the password is encrypted client side (MD5, SHA-1 etc.) and sent to the server where it is compared with the one in database. If they match, the user log in successfully. This implementation prevents DBAs or programmers seeing the cleartext of the password in the database. It can also prevent hackers

I'm new to encryption. This question is subquestion of my previous one. I have a file encrypted with OpenSSL util: openssl aes-256-cbc -in fileIn -out fileOUT -p -k KEY I'm using this code to decrypt it: byte[] encrypted = IOUtils.toByteArray(inputStream); Security.addProvider(new BouncyCastleProvider()); String password = "abc"; Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC"); // Openssl puts SALTED__ then the 8 byte salt at the start of the // file. We simply copy it out. byte[] salt = new byte[8]; System.arraycopy(encrypted, 8, salt, 0, 8); SecretKeyFactory fact =