java - Verifying Hashed Password From MySQL Database -


I am using Java in Eclipse, and storing a hashed password in the database when a new user is created. This is done with this code...

```java
// Registration: hash the password and store it with the new user row.
String hashed_password = Password.hashPassword(passwordField.toString());
String query = "INSERT INTO user (username, password, usertype, license_code) VALUES (?, ?, ?, ?)";
PreparedStatement pst = connection.prepareStatement(query);
pst.setString(1, usernameTextField.getText());
pst.setString(2, hashed_password);
// (parameters 3 and 4 are not shown in the post)
```

I left out the other details not associated with the password; however, the hashed value is stored in the database. Then, on login, I run the following code...

```java
// Login: compare the typed password against the stored hash and a freshly computed one.
String test_passwd = passwordField.getText();
String test_hash = "$2a$12$n773ystmtu/1ziue9an.r.p9u5bqp4o6.qjk.j.zha6ztfytyuozc";

System.out.println("testing bcrypt password hashing , verification");
System.out.println("test password: " + test_passwd);
System.out.println("test stored hash: " + test_hash);
System.out.println("hashing test password...");
System.out.println();

String computed_hash = Password.hashPassword(test_passwd);
System.out.println("test computed hash: " + computed_hash);
System.out.println();
System.out.println("verifying hash , stored hash both match test password...");
System.out.println();

String compare_test = Password.checkPassword(test_passwd, test_hash) ? "passwords match" : "passwords not match";
String compare_computed = Password.checkPassword(test_passwd, computed_hash) ? "passwords match" : "passwords not match";

System.out.println("verify against stored hash:   " + compare_test);
System.out.println("verify against computed hash: " + compare_computed);
```

The test_hash variable is the hashed password that was stored in the database by the new-user code. When I log in, I know I am using the same password that I used in the new-user prompt.

However, here are the results:

```
test stored hash: $2a$12$n773ystmtu/1ziue9an.r.p9u5bqp4o6.qjk.j.zha6ztfytyuozc
hashing test password...

test computed hash: $2a$12$rbblerv4gylay4.zz4fjiorlw423twyqkmv0ejws7mmfd2n3/eiek

verifying hash , stored hash both match test password...

verify against stored hash:   passwords not match
verify against computed hash: passwords match
```

The results indicate that the password matches the hashed password computed right then and there, but doesn't match the hashed password in the database, despite being the same initial password.

Here is the code to hash the password and verify it...

```java
import org.mindrot.jbcrypt.BCrypt; // assumes the jBCrypt library, whose API these calls match

public class Password {
    // Define the BCrypt workload to use when generating password hashes. 10-31 is a valid value.
    private static int workload = 12;

    /**
     * This method can be used to generate a string representing an account password
     * suitable for storing in a database. It will be an OpenBSD-style crypt(3) formatted
     * hash string of length=60.
     * The bcrypt workload is specified in the above static variable, a value from 10 to 31.
     * A workload of 12 is a reasonable safe default as of 2013.
     * This automatically handles secure 128-bit salt generation and storage within the hash.
     * @param password_plaintext The account's plaintext password as provided during account creation,
     *               or when changing an account's password.
     * @return String - a string of length 60 that is the bcrypt hashed password in crypt(3) format.
     */
    public static String hashPassword(String password_plaintext) {
        String salt = BCrypt.gensalt(workload);
        String hashed_password = BCrypt.hashpw(password_plaintext, salt);

        return(hashed_password);
    }

    /**
     * This method can be used to verify a computed hash from a plaintext (e.g. during a login
     * request) with that of a stored hash from a database. The password hash from the database
     * must be passed as the second variable.
     * @param password_plaintext The account's plaintext password, as provided during a login request
     * @param stored_hash The account's stored password hash, retrieved from the authorization database
     * @return boolean - true if the password matches the password of the stored hash, false otherwise
     */
    public static boolean checkPassword(String password_plaintext, String stored_hash) {
        boolean password_verified = false;

        if(null == stored_hash || !stored_hash.startsWith("$2a$"))
            throw new java.lang.IllegalArgumentException("invalid hash provided comparison");

        password_verified = BCrypt.checkpw(password_plaintext, stored_hash);

        return(password_verified);
    }
}
```

I'm not familiar with Java, but it seems to me that you got the value of the password input field the wrong way; maybe you should check this out:

```java
// in registration form
passwordField.toString()

// in login form
passwordField.getText()
```
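The difference the answer points at, as an added example that is not part of the original post: it hashes a field's `toString()` and its typed characters, then checks a login attempt against both. It assumes the field is a Swing `JPasswordField` (the post does not say which toolkit is used) and that jBCrypt is on the classpath; the class name, helper name and sample password are constructed for illustration.

```java
import java.util.Arrays;
import javax.swing.JPasswordField;
import org.mindrot.jbcrypt.BCrypt; // assumption: jBCrypt is on the classpath

public class PasswordFieldDemo { // hypothetical class name

    // Return what the user typed. getPassword() yields the characters,
    // whereas toString() yields a description of the widget itself.
    static String readPassword(JPasswordField field) {
        char[] chars = field.getPassword();
        try {
            return new String(chars);
        } finally {
            Arrays.fill(chars, '\0'); // wipe the temporary char[] copy
        }
    }

    public static void main(String[] args) {
        System.setProperty("java.awt.headless", "true"); // no display needed

        // Constructed sample input: the same password typed at registration and at login.
        JPasswordField registrationField = new JPasswordField("correct horse");
        JPasswordField loginField = new JPasswordField("correct horse");

        // What the registration code in the question passed to the hash function.
        String described = registrationField.toString();
        System.out.println("toString() value: " + described);

        String hashOfDescription = BCrypt.hashpw(described, BCrypt.gensalt(12));
        String hashOfPassword =
                BCrypt.hashpw(readPassword(registrationField), BCrypt.gensalt(12));

        // Login reads the typed characters, so only the second hash can verify.
        String typedAtLogin = readPassword(loginField);
        System.out.println("login vs hash of toString(): "
                + BCrypt.checkpw(typedAtLogin, hashOfDescription));
        System.out.println("login vs hash of password:   "
                + BCrypt.checkpw(typedAtLogin, hashOfPassword));
    }
}
```

Rows already stored with a hash of the `toString()` value cannot be repaired in place; those accounts need a password reset so that a hash of the real password is written.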
