This question already has answers here:
Why is char[] preferred over String for passwords?
(17 answers)
Closed 7 years ago.
I am writing a little web framework and I want to enable SSL encryption with a SSL key which will be supplied by the user.
This might seem overly cautious, but is it common to pass the password for the keystore file as a String passed in the parameters of a method?
This is what I had in mind:
public void enableSSL(String keystorePath, String keystorePassword) {
// ... do things
}
It is always safer to store the password into character array than a string.
Please refer below query:
Why is char[] preferred over String for passwords?
Also refer the below coding guide lines from oracle site:
http://www.oracle.com/technetwork/java/seccodeguide-139067.html#2
Related
This question already has answers here:
Is it possible to decrypt MD5 hashes?
(24 answers)
Closed 3 years ago.
My problem is revert operation encode .
String computedLtpaTokenMd5 = new String(Base64.encodeBase64(MessageDigest.getInstance("MD5").digest(ltpaToken.getBytes())));
how to recover the token ltpaToken by computedLtPaTOkenMD5?
You cannot.
That is the whole point of a cryptographic hash function (which MD5 is, or rather was, you should not use it anymore): It is one-way.
All you can do is check if a given token matches that hashed value (by running the same hash function again and either getting the same output or not).
(You can reverse the Base64 encoding, but not the MD5 hashing)
This question already has answers here:
Masking password input from the console : Java
(5 answers)
Closed 6 years ago.
is there any way to display •••'s when a user is typing in the console? My program has a user entering a password for a MySQL database but I want it to show •••'s instead of their password when they type.
You can use Console.readPassword() to disable echoing. I don't think there's any way to get a substitute character without JNI though.
Dont know about showing "." But instead you can use
char[] password = console.readPassword("Password? ");
to input password without echoing on screen.
This question already has answers here:
What type of hash does WordPress use?
(11 answers)
Closed 8 years ago.
How can i encrypt password to get the same output like wordpress to compare it later with my db ?
As mentioned here WordPress uses the PasswordHash class from the phpass for generating the password hashes. According to the links, the default implementation used involves the use of a salt, and 8 rounds of MD5 hashing. Exactly how and when the salt is applied, and what goes into the MD5 don't seem to be readily available. However, there seem to be a java port of phpass here.
As I stated in the comments, WordPress uses MD5 to encrypt its passwords. Here's a link to some code about password hashing in PHP, which I think might be what you're looking for:
Password Hashing In PHP
This question already has answers here:
Guessing the encoding of text represented as byte[] in Java
(7 answers)
Closed 8 years ago.
I'm receiving a byte[] of information in an unspecified encoding format. Is there a way to convert it to a String without knowing the character encoding?
The tool of choice is CharsetMatch from ICU: http://userguide.icu-project.org/conversion/detection
It is not an exact science, so there is a confidence score that you have to watch and it will take some experimentation, but will definitely get you where you want to go. Good Luck!
This question already has answers here:
What is the best Java email address validation method? [closed]
(19 answers)
Closed 8 years ago.
I was looking for a very simple email validation. It just have to have an # symbol and a period in the email. I want to accept for my string that will come in as a parameter.
Does anyone know of any easy email validations?
The easiest way to do this is using InternetAddress from JavaMail. Just do new InternetAddress(email).validate() and it will throw an AddressException if it's invalid.