How to check encrypted passwords with the user input passwords in the database?

1

I am creating a program in which the user enters a login and password before entering the system. After he has entered his input, the passwords will be saved in the database, and then I will check whether the encrypted passwords match the user inputs.

Example:

User entered:

username : 123456

password : 123456

And after that, hash encryption will turn them into:

username : E10ADC3949BA59ABBE56E057F20F883E

password : E10ADC3949BA59ABBE56E057F20F883E

After this, they will be saved in the database, but then I want to check, when the user re-enters the same password, that it is equal to and matches the generated hash.

I'm writing this program that generates the hash in Java; it will be used in HTML, and the result is then saved to the database.

How can I do this?

    
asked by anonymous 02.06.2016 / 21:12

3 answers

4

I use the following. I store the user's password in hashed form, and when I validate the password I generate the hash of the user input and compare that hash with what is stored in the database.

Validation uses a function; I wrote the example in Oracle. The function receives the password and the login (which is sure to be unique in your table). You pass the password to the function with the hash already applied, and it returns 0 for false and 1 for true. Here I compare the encrypted passwords.

CREATE OR REPLACE FUNCTION FN_VALIDAR_ACESSO(P_SENHAASH IN VARCHAR2, P_LOGIN IN VARCHAR2) RETURN NUMBER IS
    V_RETORNO NUMBER(1);
    V_CONTADOR NUMBER(2);
BEGIN
    -- Count the rows whose login and stored hash both match the supplied values
    SELECT COUNT(*) INTO V_CONTADOR
    FROM PCEMPR
    WHERE USUARIOBD = P_LOGIN
    AND SENHABD = P_SENHAASH;

    IF V_CONTADOR = 0 THEN
        V_RETORNO := 0; -- 0 for false
    ELSE
        V_RETORNO := 1; -- 1 for true
    END IF;

    RETURN V_RETORNO;
END;

Your code:

create procedure funcaoValidar
    @username varchar(100), -- parameter types and lengths are assumed; match your column definitions
    @password varchar(100)
as
begin
    declare @existe int
    set @existe = (select count(*)
                   from armazenarSenhas
                   where username = @username /* use the AND operator; a comma does not work */
                   and password = @password)
    if @existe > 0
        print 'Login válido'
    else
        print 'Não há nenhum login válido'
end
    
02.06.2016 / 21:19
2

Since your hashing algorithm generates the same values when applied to the same parameters, you can compare the encrypted user input with the encrypted value in the database.

Then, according to your example, when the user 123456 enters their data on the login screen you should make the comparison:

// Java strings are compared with equals(); a single = would be an assignment
if (meuGeradorDeHash(nomeUsuarioInformado).equals(nomeJaCriptografadoNoBanco) &&
    meuGeradorDeHash(senhaUsuarioInformada).equals(senhaJaCriptografadaNoBanco)) {
    // valid login
}
    
02.06.2016 / 21:17
1

Complementing the answers: if your project is not specifically about the hash-generation algorithm, it is best to leave this function to specialized libraries; see DigestUtils.

import org.apache.commons.codec.digest.DigestUtils;
// ...
String digest = DigestUtils.sha1Hex(data);
    
02.06.2016 / 22:36